[Freeciv-Dev] Re: Potential segfaults in advdomestic.c (PR#1599)

To: freeciv-dev@xxxxxxxxxxx
Cc: bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Potential segfaults in advdomestic.c (PR#1599)
From: Per I Mathisen <per@xxxxxxxxxxx>
Date: Thu, 20 Jun 2002 10:33:22 -0700 (PDT)

On Wed, 19 Jun 2002, Gregory Berkolaiko wrote:
> I started looking at it because of (PR#1580).
>
> While I was unable to reproduce or explain the crash described below, I
> noticed a place where the code is not robust wrt ruleset changes.  The
> line
> http://www.freeciv.org/lxr/source/ai/advdomestic.c?v=cvs#L764
>
> unit_type = get_role_unit(F_HELP_WONDER, 0);
>
> presumes that there is a unit which can help build wonder.  If there is no
> such unit in the ruleset, an assert in get_role_unit will be triggered.
> Tested, it happens indeed.
>
> There is at least another bug around here.  Line 744 calls get_unit_type
> but the argument is not guaranteed to be below U_LAST, which is
> essentially a segfault.  I think placing an assert in the function
> get_unit_type (unittype.c:84) should reveal a multitude of such
> overflowing calls.

Patch to fix this welcome, but I don't think we need to fix this before
release.

Yours,
Per

"It is difficult to catch a black cat in a dark room.
Especially if there is no cat there." - Confucius
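
The two failure modes raised in the quoted report (a role lookup that asserts when the ruleset has no matching unit, and an unchecked unit-type index) can be shown in a small C model. This is an added example, not Freeciv's code: `U_LAST` and `F_HELP_WONDER` are borrowed from the message, while the data layout, the constructed ruleset and the function names `checked_unit_type`, `role_unit_or_last` and `wonder_helper_name` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration, not Freeciv's definitions. */
#define U_LAST 4   /* one past the highest valid unit type id */
enum role { F_HELP_WONDER, F_SETTLERS };
struct unit_type { const char *name; unsigned roles; /* bitmask of enum role */ };

/* Constructed ruleset in which no unit carries F_HELP_WONDER. */
static const struct unit_type unit_types[U_LAST] = {
  { "Settlers", 1u << F_SETTLERS },
  { "Warriors", 0 },
  { "Phalanx",  0 },
  { "Archers",  0 },
};

/* Bounds-checked lookup: returns NULL instead of indexing past the array. */
const struct unit_type *checked_unit_type(int id)
{
  return (id >= 0 && id < U_LAST) ? &unit_types[id] : NULL;
}

/* Returns the index-th unit type that has the role, or U_LAST when the
 * ruleset has no such unit, so the caller decides instead of an assert. */
int role_unit_or_last(enum role r, int index)
{
  int id, seen = 0;

  for (id = 0; id < U_LAST; id++) {
    if ((unit_types[id].roles & (1u << r)) && seen++ == index) {
      return id;
    }
  }
  return U_LAST;
}

/* Caller pattern: the sentinel flows into the checked lookup and the
 * "no such unit" case is handled rather than dereferenced. */
const char *wonder_helper_name(void)
{
  int id = role_unit_or_last(F_HELP_WONDER, 0);
  const struct unit_type *ut = checked_unit_type(id);
  return ut ? ut->name : NULL;
}

int main(void)
{
  const char *name = wonder_helper_name();
  printf("help-wonder unit: %s\n", name ? name : "(none in ruleset)");
  return 0;
}
```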



