Complete.Org: Mailing Lists: Archives: freeciv-dev: May 1999:
[Freeciv-Dev] freeciv 1.8 segfault (fwd)
To: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] freeciv 1.8 segfault (fwd)
From: Nicolas Brunel <brunel@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 13 May 1999 22:32:43 +0000 (GMT)

Hello,

Sami Farin has found a bug in freeciv.
It's in civserver.c function handle_packet_input.
The line is the first one with a free.

It may be explained by freeing a packet which isn't a request-to-join
packet.
Here follows a detailed report from gdb.

Best regards,


---------- Forwarded message ----------
Date: Mon, 10 May 1999 10:23:27 +0300 (   )
From: Sami Farin <sfarin@xxxxxxxx>
To: Nicolas Brunel <brunel@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Freeciv-Dev] freeciv 1.8 segfault

On Sat, 8 May 1999, Nicolas Brunel wrote:

> > 
> > I try during weekend... 'data -r' is almost like 'cat /dev/urandom'
> > if you didn't know already... I hope I find the bug. :)
> 
> Yes, and I thank you for it.
> But ... can you launch gdb to see where the problem occurs in civserver ?

That's what I did ;) I recompiled it with debugging info.
 
> Best regards,

Here we go... 

...
1: connection from localhost detected as old byte order

Program received signal SIGSEGV, Segmentation fault.
0x4004f902 in chunk_free (ar_ptr=0x400a4420, p=0x82428e8) at malloc.c:2948
malloc.c:2948: No such file or directory.

(gdb) bt
#0  0x4004f902 in chunk_free (ar_ptr=0x400a4420, p=0x82428e8) at
malloc.c:2948
#1  0x4004f7c1 in __libc_free (mem=0x82428f0) at malloc.c:2872
#2  0x8054557 in handle_packet_input (pconn=0x80df800, packet=0x82428f0
    "7-", type=18) at civserver.c:842
#3  0x806f70a in sniff_packets () at sernet.c:156
#4  0x80530e1 in main (argc=1, argv=0xbfffefd4) at civserver.c:316

(gdb) info arg
ar_ptr = (arena *) 0x400a4420
p = (struct malloc_chunk *) 0x82428e8

(gdb) info reg
     eax:       0x41          65
     ecx: 0x71e2ed10  1910697232
     edx:  0x82428f0   136587504
     ebx: 0x400a86cc  1074431692
     esp: 0xbfffec44 -1073746876
     ebp: 0xbfffec64 -1073746844
     esi:  0x8242928   136587560
     edi:  0x82428e8   136587496
     eip: 0x4004f902  1074067714
  eflags:    0x10202 IOPL: 0; flags: IF RF
orig_eax: 0xffffffff          -1
      cs:       0x23          35
      ss:       0x2b          43
      ds:       0x2b          43
      es:       0x2b          43
      fs:        0x0           0
      gs:        0x0           0

(gdb) info stack
#0  0x4004f902 in chunk_free (ar_ptr=0x400a4420, p=0x82428e8) at
    malloc.c:2948
#1  0x4004f7c1 in __libc_free (mem=0x82428f0) at malloc.c:2872
#2  0x8054557 in handle_packet_input (pconn=0x80df800, packet=0x82428f0
    "7-", type=18) at civserver.c:842
#3  0x806f70a in sniff_packets () at sernet.c:156
#4  0x80530e1 in main (argc=1, argv=0xbfffefd4) at civserver.c:316

(gdb) info scope handle_packet_input
Scope for handle_packet_input:
Symbol pconn is an argument at stack/frame offset 8, length 4.
Symbol packet is an argument at stack/frame offset 12, length 4.
Symbol type is an argument at stack/frame offset 16, length 4.
Symbol i is a local variable at frame offset -4, length 4.
Symbol pplayer is a local variable at frame offset -8, length 4.
(gdb) info stack

(gdb) info scope sniff_packets
Scope for sniff_packets:
Symbol i is a local variable at frame offset -4, length 4.
Symbol max_desc is a local variable at frame offset -8, length 4.
Symbol readfs is a local variable at frame offset -136, length 128.
Symbol tv is a local variable at frame offset -144, length 8.
Symbol time_at_turn_end is in static storage at address 0x80c7be0, length 4.
Symbol year is in static storage at address 0x80c7be4, length 4.

(gdb) info scope main
Scope for main:
Symbol argc is an argument at stack/frame offset 8, length 4.
Symbol argv is an argument at stack/frame offset 12, length 4.
Symbol h is a local variable at frame offset -4, length 4.
Symbol v is a local variable at frame offset -8, length 4.
Symbol n is a local variable at frame offset -12, length 4.
Symbol log_filename is a local variable at frame offset -16, length 4.
Symbol gamelog_filename is a local variable at frame offset -20, length 4.
Symbol load_filename is a local variable at frame offset -24, length 4.
Symbol script_filename is a local variable at frame offset -28, length 4.
Symbol i is a local variable at frame offset -32, length 4.
Symbol save_counter is a local variable at frame offset -36, length 4.
Symbol log_level is a local variable at frame offset -40, length 4.

(gdb) info frame
Stack level 0, frame at 0xbfffec64:
 eip = 0x4004f902 in chunk_free (malloc.c:2948); saved eip 0x4004f7c1
 called by frame at 0xbfffec80
 source language c.
 Arglist at 0xbfffec64, args: ar_ptr=0x400a4420, p=0x82428e8
 Locals at 0xbfffec64, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfffec44, ebp at 0xbfffec64, esi at 0xbfffec48, edi at
  0xbfffec4c, eip at 0xbfffec68

(gdb) info frame 1
Stack frame at 0xbfffec80:
 eip = 0x4004f7c1 in __libc_free (malloc.c:2872); saved eip 0x8054557
 called by frame at 0xbfffec98, caller of frame at 0xbfffec64
 source language c.
 Arglist at 0xbfffec80, args: mem=0x82428f0
 Locals at 0xbfffec80, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfffec74, ebp at 0xbfffec80, esi at 0xbfffec78, edi at
  0xbfffec7c, eip at 0xbfffec84

(gdb) info frame 2
Stack frame at 0xbfffec98:
 eip = 0x8054557 in handle_packet_input (civserver.c:842); saved eip 0x806f70a
 called by frame at 0xbfffef54, caller of frame at 0xbfffec80
 source language c.
 Arglist at 0xbfffec98, args: pconn=0x80df800, packet=0x82428f0 "7-", type=18
 Locals at 0xbfffec98, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfffec8c, ebp at 0xbfffec98, eip at 0xbfffec9c

(gdb) info frame 3
Stack frame at 0xbfffef54:
 eip = 0x806f70a in sniff_packets (sernet.c:156); saved eip 0x80530e1
 called by frame at 0xbfffefb8, caller of frame at 0xbfffec98
 source language c.
 Arglist at 0xbfffef54, args:
 Locals at 0xbfffef54, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfffecac, ebp at 0xbfffef54, esi at 0xbfffecb0, edi at
  0xbfffecb4, eip at 0xbfffef58

(gdb) info frame 4
Stack frame at 0xbfffefb8:
 eip = 0x80530e1 in main (civserver.c:316); saved eip 0x804908e
 caller of frame at 0xbfffef54
 source language c.
 Arglist at 0xbfffefb8, args: argc=1, argv=0xbfffefd4
 Locals at 0xbfffefb8, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfffef5c, ebp at 0xbfffefb8, eip at 0xbfffefbc 

-- 
Safari - sfarin@xxxxxxxx - PGP key 0x443BD271 - http://surf.to/safari
 "One World, One Web, One Program" - Microsoft Promotional Ad
 "Ein Volk, Ein Reich, Ein Fuhrer" - Adolf Hitler
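The hypothesis in the message above, that handle_packet_input frees a packet which is not a request-to-join packet, is the usual shape of an invalid free: a handler calls free() on every pointer it is handed although only one packet kind was ever heap-allocated, so the first packet of another type passes a non-heap or mid-buffer pointer into the allocator and it dies in chunk_free. The C below is an added example, not freeciv's code; the connection struct, the packet layout, the type numbers and the function names are all hypothetical. It shows the buggy pattern beside a version that frees only what the unpacker allocated, and it tracks ownership explicitly instead of guessing from the packet type.

```c
/* Added example (hypothetical, not freeciv code): packet dispatch with
 * explicit buffer ownership, beside the buggy "free everything" pattern. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical packet types; the numbers are not freeciv's. */
enum { PACKET_REQUEST_JOIN = 1, PACKET_CHAT = 2 };

/* Hypothetical connection: packets are decoded out of a fixed receive
 * buffer. frees_done is instrumentation so a test can count free() calls. */
struct connection {
    unsigned char buf[64];
    size_t buflen;
    int frees_done;
};

struct packet_request_join { char name[32]; };

/* Decoded packet carrying its ownership with it. */
struct packet {
    int type;
    void *data;
    int heap_owned;   /* 1: data came from calloc() and the handler must free it */
};

/* Constructed wire format for this example: byte 0 = type, rest = payload.
 * Only join requests are copied into a heap object; every other type hands
 * back a pointer into the connection buffer, which must never be freed. */
static struct packet unpack(struct connection *pc) {
    struct packet p = {0, NULL, 0};
    if (pc->buflen == 0) return p;
    p.type = pc->buf[0];
    if (p.type == PACKET_REQUEST_JOIN) {
        struct packet_request_join *j = calloc(1, sizeof *j);
        size_t n = pc->buflen - 1;
        if (n > sizeof j->name - 1) n = sizeof j->name - 1;
        memcpy(j->name, pc->buf + 1, n);
        p.data = j;
        p.heap_owned = 1;
    } else {
        p.data = pc->buf + 1;
        p.heap_owned = 0;
    }
    return p;
}

/* Buggy pattern: frees whatever pointer it was handed. Correct for a join
 * request (heap object), fatal for anything else: the pointer into buf[]
 * was never malloc'ed, and glibc's free() crashes or aborts on it. */
static int handle_packet_input_buggy(struct connection *pc, struct packet p) {
    free(p.data);
    pc->frees_done++;
    return p.type == PACKET_REQUEST_JOIN || p.type == PACKET_CHAT;
}

/* Hardened: the free is tied to who allocated, not to the packet type. */
static int handle_packet_input(struct connection *pc, struct packet p) {
    int handled;
    switch (p.type) {
    case PACKET_REQUEST_JOIN: handled = 1; break;
    case PACKET_CHAT:         handled = 1; break;
    default:                  handled = 0; break;  /* unknown type: reject */
    }
    if (p.heap_owned) {
        free(p.data);
        pc->frees_done++;
    }
    return handled;
}

static void load_wire(struct connection *pc, const unsigned char *w, size_t n) {
    memset(pc, 0, sizeof *pc);
    if (n > sizeof pc->buf) n = sizeof pc->buf;
    memcpy(pc->buf, w, n);
    pc->buflen = n;
}

/* Constructed sample packets, not captured traffic. WIRE_JUNK starts with
 * '7' (0x37), an arbitrary byte that matches no known type. */
static const unsigned char WIRE_JOIN[] = {PACKET_REQUEST_JOIN, 'a', 'l', 'i', 'c', 'e'};
static const unsigned char WIRE_CHAT[] = {PACKET_CHAT, 'h', 'i'};
static const unsigned char WIRE_JUNK[] = {0x37, 0x2d};

/* Run one packet through the hardened handler; returns 1 if handled. */
static int handled_for(const unsigned char *w, size_t n) {
    struct connection c;
    load_wire(&c, w, n);
    return handle_packet_input(&c, unpack(&c));
}

/* Same path, returning how many free() calls the hardened handler made. */
static int frees_for(const unsigned char *w, size_t n) {
    struct connection c;
    load_wire(&c, w, n);
    handle_packet_input(&c, unpack(&c));
    return c.frees_done;
}

/* The buggy handler only ever works on the one heap-allocated kind. */
static int buggy_frees_for_join(void) {
    struct connection c;
    load_wire(&c, WIRE_JOIN, sizeof WIRE_JOIN);
    handle_packet_input_buggy(&c, unpack(&c));
    return c.frees_done;
}

int main(void) {
    printf("join: handled=%d frees=%d\n",
           handled_for(WIRE_JOIN, sizeof WIRE_JOIN), frees_for(WIRE_JOIN, sizeof WIRE_JOIN));
    printf("chat: handled=%d frees=%d\n",
           handled_for(WIRE_CHAT, sizeof WIRE_CHAT), frees_for(WIRE_CHAT, sizeof WIRE_CHAT));
    printf("junk: handled=%d frees=%d\n",
           handled_for(WIRE_JUNK, sizeof WIRE_JUNK), frees_for(WIRE_JUNK, sizeof WIRE_JUNK));
    printf("buggy handler on a join packet: frees=%d\n", buggy_frees_for_join());
    /* handle_packet_input_buggy is deliberately not run on WIRE_CHAT or
     * WIRE_JUNK: that is the invalid free the backtrace above shows. */
    return 0;
}
```

The check a practitioner would add to a crash like this one is the ownership flag: when the only evidence is a backtrace ending in chunk_free, the fastest confirmation is to run the server under a malloc checker (MALLOC_CHECK_ or a debugging allocator of the day) and print, at the free site, whether the pointer equals the value the unpacker returned from malloc.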


