bug #19814: Free'd ruleset structures accessed when changing ruleset

Submitted by: Jacob Nevins <jtn>
Submitted on: Fri 15 Jun 2012 07:39:30 PM UTC

Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Status: Duplicate
Assigned to: None
Open/Closed: Closed
Release: S2_3 r21191
Operating System: Any
Planned Release: 


Wed 20 Feb 2013 09:53:40 AM UTC, SVN revision 22401:

Clear players' nation, governments and city_style in game_ruleset_free().
Clear game.government_during_revolution pointer in game_ruleset_free().
Remove other similar hacks from the client and server code.
Discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycles.

See gna bug #20517 and bug #19814

(Browse SVN revision 22401)

pepeto <pepeto>
Project Member
Wed 20 Feb 2013 09:53:38 AM UTC, SVN revision 22400:

Clear players' nation, governments and city_style in game_ruleset_free().
Clear game.government_during_revolution pointer in game_ruleset_free().
Remove other similar hacks from the client and server code.
Discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycles.

See gna bug #20517 and bug #19814

(Browse SVN revision 22400)

pepeto <pepeto>
Project Member
Wed 20 Feb 2013 09:53:37 AM UTC, SVN revision 22399:

Clear players' nation, governments and city_style in game_ruleset_free().
Clear game.government_during_revolution pointer in game_ruleset_free().
Remove other similar hacks from the client and server code.
Discards PACKET_PLAYER_INFO in the middle of ruleset or game (re)loading cycles.

See gna bug #20517 and bug #19814

(Browse SVN revision 22399)

pepeto <pepeto>
Project Member
Mon 18 Feb 2013 10:15:30 AM UTC, comment #2:

Discussion is continuing at bug #20517

pepeto <pepeto>
Project Member
Sat 16 Feb 2013 11:12:58 PM UTC, comment #1:

See also bug #20517

pepeto <pepeto>
Project Member
Fri 15 Jun 2012 07:39:30 PM UTC, original submission:

Spotted by pepeto's valgrind in bug #19800:

load_rulesets() calls game_ruleset_free(), which frees ruleset structures, and shortly afterwards calls reset_player_nations(), which eventually calls package_player_info(), which as part of its work calls government_number(), which follows pointers from the player structure to the previously freed government structures.
(package_player_info() also calls all sorts of other game functions which I fear might try to access freed ruleset structures, although I didn't spot any.)

The obvious fix is to swap the order of the two calls made by load_rulesets().

However, I'm not sure how worried to be about those dangling government pointers left in player structures over the ruleset reload -- does something clear them down?

Here's the relevant bit of the Valgrind log from bug #19800:

Jacob Nevins <jtn>
Project Administrator
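The call-order and dangling-pointer problem described in the submission, as an added example that is not Freeciv's code: a simplified model in which struct layouts, NUM_PLAYERS, NUM_GOVERNMENTS, ruleset_load(), ruleset_free_unsafe(), ruleset_free_safe(), ruleset_reload() and players_reference_current_ruleset() are constructed for illustration, and government_number(), package_player_info() and reset_player_nations() are stand-ins named after the functions in the report, not their real implementations. It contrasts a free routine that leaves player pointers dangling with one that clears them first, the approach the commits on this page describe for game_ruleset_free(), and runs the reload in an order where reset_player_nations() is called only after the new table exists.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified model (not Freeciv's real structures): the
 * ruleset owns a table of governments and each player keeps a raw pointer
 * into it, which is what makes a ruleset reload dangerous. */
struct government {
  int index;
};

struct player {
  const struct government *government;
};

#define NUM_PLAYERS 2
#define NUM_GOVERNMENTS 3

static struct government *governments = NULL; /* ruleset-owned table */
static int government_count = 0;
static struct player players[NUM_PLAYERS];

/* Load a constructed ruleset. */
void ruleset_load(void)
{
  government_count = NUM_GOVERNMENTS;
  governments = calloc(government_count, sizeof(*governments));
  for (int i = 0; i < government_count; i++) {
    governments[i].index = i;
  }
}

/* Stand-in for government_number(): index of a government, or -1 when the
 * player currently has none. */
int government_number(const struct government *gov)
{
  return gov ? gov->index : -1;
}

/* Stand-in for package_player_info(): what matters here is that it
 * follows the player's government pointer. */
int package_player_info(const struct player *p)
{
  return government_number(p->government);
}

/* Stand-in for reset_player_nations(): point players at governments of
 * the ruleset that is currently loaded. */
void reset_player_nations(void)
{
  for (int i = 0; i < NUM_PLAYERS; i++) {
    players[i].government = &governments[i % government_count];
  }
}

/* The pattern the report describes: the table is freed but player pointers
 * still refer to it, so a later package_player_info() reads freed memory.
 * Kept for contrast only; not called. */
void ruleset_free_unsafe(void)
{
  free(governments);
  governments = NULL;
  government_count = 0;
}

/* The fix pattern from the commits on this page: the free routine clears
 * the back-references it invalidates, so a caller that runs too early gets
 * -1 from government_number() instead of a stale read. */
void ruleset_free_safe(void)
{
  for (int i = 0; i < NUM_PLAYERS; i++) {
    players[i].government = NULL;
  }
  free(governments);
  governments = NULL;
  government_count = 0;
}

/* Reload in the safe order: free (clearing references), load the new
 * table, and only then re-point players at it. */
void ruleset_reload(void)
{
  ruleset_free_safe();
  ruleset_load();
  reset_player_nations();
}

/* 1 if every player's pointer lies inside the currently loaded table,
 * 0 if any is NULL or points elsewhere (for example at a freed table). */
int players_reference_current_ruleset(void)
{
  uintptr_t lo = (uintptr_t)governments;
  uintptr_t hi = lo + (uintptr_t)government_count * sizeof(*governments);
  for (int i = 0; i < NUM_PLAYERS; i++) {
    uintptr_t g = (uintptr_t)players[i].government;
    if (players[i].government == NULL || g < lo || g >= hi) {
      return 0;
    }
  }
  return 1;
}
```

With the unsafe variant, a package_player_info() call between the free and the reload is exactly what Valgrind or AddressSanitizer would flag; with the safe variant the same early call returns -1, a deterministic condition that can be checked, rather than a read of freed memory.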

 

No files currently attached

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by pepeto (Posted a comment)
  • -unavailable- added by jtn (Submitted the item)


2 latest changes:

Date                              Changed By  Updated Field  Previous Value  Replaced By
Mon 18 Feb 2013 10:15:30 AM UTC   pepeto      Status         None            Duplicate
Mon 18 Feb 2013 10:15:30 AM UTC   pepeto      Open/Closed    Open            Closed