Freeciv - Bugs: bug #20517, Invalid read of size 4 in ruleset... [Gna!]

Freeciv - Bugs: bug #20517, Invalid read of size 4 in ruleset...

Group

Main
- Main
- View Members
- Search
Homepage
Download
Docs
- Browse
- Submit
- Edit
- Digest
- Export
- Search
Mailing Lists
Source Code
- Use Subversion
- Browse Sources Repository
Bugs
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Tasks
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Patches
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search

Show feedback again

bug #20517: Invalid read of size 4 in ruleset reloading cycle

Submitted by:	pepeto <pepeto>
Submitted on:	Sat 16 Feb 2013 09:31:53 PM UTC

Category:	general	Severity:	3 - Normal
Priority:	5 - Normal	Status:	Fixed
Assigned to:	pepeto <pepeto>	Open/Closed:	Closed
Release:	S2_3, S2_4, trunk	Operating System:	Any
Planned Release:	2.3.5, 2.4.0, 2.5.0

Add a New Comment (Rich Markup):

You are not logged in

Please log in, so followups can be emailed to you.

( Jump to the original submission)

Wed 20 Feb 2013 09:53:40 AM UTC, SVN revision 22401: Clear players' nation, governments and city_style in game_ruleset_free(). Clear game.government_during_revolution pointer in game_ruleset_free(). Remove other similar hacks from the client and server code. Discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycles. See gna bug #20517 and bug #19814 (Browse SVN revision 22401)	pepeto <pepeto>
Wed 20 Feb 2013 09:53:38 AM UTC, SVN revision 22400: Clear players' nation, governments and city_style in game_ruleset_free(). Clear game.government_during_revolution pointer in game_ruleset_free(). Remove other similar hacks from the client and server code. Discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycles. See gna bug #20517 and bug #19814 (Browse SVN revision 22400)	pepeto <pepeto>
Wed 20 Feb 2013 09:53:37 AM UTC, SVN revision 22399: Clear players' nation, governments and city_style in game_ruleset_free(). Clear game.government_during_revolution pointer in game_ruleset_free(). Remove other similar hacks from the client and server code. Discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycles. See gna bug #20517 and bug #19814 (Browse SVN revision 22399)	pepeto <pepeto>
Mon 18 Feb 2013 01:03:08 PM UTC, comment #4: I have no idea why patches for S2_3 and S2_4 have been truncated. Also, notice that it solves the failed assertions of bug #20520. (file #17251, file #17252)	pepeto <pepeto>
Mon 18 Feb 2013 12:44:14 PM UTC, comment #3: The attached patch: clear players' nation, governments and city_style in game_ruleset_free() ; clear game.government_during_revolution pointer in game_ruleset_free() (this one should solve the problem) ; remove other similar hacks from the client and server code ; discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycle. (file #17248, file #17249, file #17250)	pepeto <pepeto>
Mon 18 Feb 2013 10:14:17 AM UTC, comment #2: When applying this patch, we may be confronted for the same problem as bug #20520 if both rulesets don't have the same number of government types. However, it isn't as much problematic because players can have the same government type... Maybe governments types should be limited to (MAX_NUM_ITEMS / 2), using SINT8 for using -1 as government id? Maybe we should avoid to send player info packets during the ruleset reloading cycle? (this appear to me the best solution)	pepeto <pepeto>
Sat 16 Feb 2013 11:13:02 PM UTC, comment #1: See also bug #19814	pepeto <pepeto>
Sat 16 Feb 2013 09:31:53 PM UTC, original submission: dio_put_uint8() and valgrid reported a read error in ruleset reloading cycle: Trying to put 177836256 into 8 bits Trying to put 177836256 into 8 bits Trying to put 3331952 into 8 bits Trying to put 3331952 into 8 bits Trying to put 1713398619 into 8 bits Trying to put 1713398619 into 8 bits Trying to put 1713398619 into 8 bits Trying to put 1713398619 into 8 bits Trying to put 1713398619 into 8 bits Trying to put 1713398619 into 8 bits ==17762== Invalid read of size 4 ==17762== at 0x8196B8B: government_number (government.c:93) ==17762== by 0x80E20E6: package_player_info (plrhand.c:957) ==17762== by 0x80E2A4F: send_player_info_c_real (plrhand.c:782) ==17762== by 0x80E2C00: send_player_info_c (plrhand.c:755) ==17762== by 0x80F689B: load_rulesetdir (ruleset.c:5061) ==17762== by 0x80F95DC: load_rulesets (ruleset.c:5069) ==17762== by 0x808075A: set_rulesetdir (stdinhand.c:3794) ==17762== by 0x8088E60: handle_stdin_input_real.part.16 (stdinhand.c:4327) ==17762== by 0x808B50F: read_init_script_real (stdinhand.c:1264) ==17762== by 0x8088773: handle_stdin_input_real.part.16 (stdinhand.c:1181) ==17762== by 0x8136374: handle_chat_msg_req (handchat.c:343) ==17762== by 0x80D6AE3: server_handle_packet (hand_gen.c:40) ==17762== Address 0x6f76a38 is 0 bytes inside a block of size 1,344 free'd ==17762== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==17762== by 0x8197C5C: governments_free (government.c:536) ==17762== by 0x8196304: game_ruleset_free (game.c:521) ==17762== by 0x80F6866: load_rulesetdir (ruleset.c:5124) ==17762== by 0x80F95DC: load_rulesets (ruleset.c:5069) ==17762== by 0x808075A: set_rulesetdir (stdinhand.c:3794) ==17762== by 0x8088E60: handle_stdin_input_real.part.16 (stdinhand.c:4327) ==17762== by 0x808B50F: read_init_script_real (stdinhand.c:1264) ==17762== by 0x8088773: handle_stdin_input_real.part.16 (stdinhand.c:1181) ==17762== by 0x8136374: handle_chat_msg_req (handchat.c:343) ==17762== by 0x80D6AE3: server_handle_packet (hand_gen.c:40) ==17762== by 0x80774C1: server_packet_input (srv_main.c:1579) Patch attached which fix the problem for me. But I'm scared for secondary effects.	pepeto <pepeto>

(Note: upload size limit is set to 1024 kB, after insertion of the required escape characters.)

Attach File(s):


Comment:

Attached Files

file #17252: S2_3_ruleset_reload.diff added by pepeto (8kB - text/x-diff)

file #17251: S2_4_ruleset_reload.diff added by pepeto (8kB - text/x-diff)

file #17248: trunk_ruleset_reload.diff added by pepeto (8kB - text/x-diff)

file #17223: ruleset_reload_player_gov.diff added by pepeto (423B - text/x-patch)

Depends on the following items: None found

Items that depend on this one: None found

Carbon-Copy List

-unavailable- added by pepeto (Submitted the item)

Do you think this task is very important?
If so, you can click here to add your encouragement to it.
This task has 0 encouragements so far.

Only logged-in users can vote.

Please enter the title of George Orwell's famous dystopian book (it's a date):

Follow 15 latest changes.

Date	Changed By	Updated Field	Previous Value	Replaced By
Wed 20 Feb 2013 09:54:05 AM UTC	pepeto	Status	Ready For Test	Fixed
		Open/Closed	Open	Closed
		Operating System	None	Any
Mon 18 Feb 2013 01:03:08 PM UTC	pepeto	Attached File	-	Added S2_4_ruleset_reload.diff, #17251
		Attached File	-	Added S2_3_ruleset_reload.diff, #17252
Mon 18 Feb 2013 01:00:52 PM UTC	pepeto	Attached File	#17250	Removed
Mon 18 Feb 2013 01:00:46 PM UTC	pepeto	Attached File	#17249	Removed
Mon 18 Feb 2013 12:44:14 PM UTC	pepeto	Attached File	-	Added trunk_ruleset_reload.diff, #17248
		Attached File	-	Added S2_4_ruleset_reload.diff, #17249
		Attached File	-	Added S2_3_ruleset_reload.diff, #17250
		Status	Need Info	Ready For Test
		Assigned to	None	pepeto
		Planned Release		2.3.5, 2.4.0, 2.5.0
Mon 18 Feb 2013 10:14:17 AM UTC	pepeto	Status	Ready For Test	Need Info
Sat 16 Feb 2013 09:31:53 PM UTC	pepeto	Attached File	-	Added ruleset_reload_player_gov.diff, #17223

Show feedback again