[Freeciv-Dev] Re: (PR#4761) civserver get_invention crash

["Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>]

Christian Knoke wrote:
> On Tue, Aug 05, 2003 at 07:26:40PM -0700, Jason Short wrote:
> 
>>Savegame available but it's not reproducable.

Nice.

When I run it under valgrind, I get this bad boy:

==10356== Invalid write of size 1
==10356==    at 0x806DC89: update_city_activity (cityturn.c:1385)
==10356==    by 0x806BB36: update_city_activities (cityturn.c:414)
==10356==    by 0x804E752: end_turn (srv_main.c:501)
==10356==    by 0x804FF72: main_loop (srv_main.c:1508)
==10356==    by 0x8050314: srv_main (srv_main.c:1591)
==10356==    by 0x804A007: main (civserver.c:154)
==10356==    by 0x403A04EC: __libc_start_main (in /lib/libc-2.3.2.so)
==10356==    by 0x8049C60: (within /tmp/jshort/freeciv/server/civserver)
==10356==    Address 0x418EBF0C is 788 bytes inside a block of size 2124 
free'd
==10356==    at 0x40160A1F: free (vg_clientfuncs.c:185)
==10356==    by 0x80AD7A4: game_remove_city (game.c:182)
==10356==    by 0x80686F7: remove_city (citytools.c:1161)
==10356==    by 0x806CAF1: city_distribute_surplus_shields (cityturn.c:921)
==10356==    by 0x806D4FD: city_build_stuff (cityturn.c:1141)
==10356==    by 0x806DC4E: update_city_activity (cityturn.c:1366)
==10356==    by 0x806BB36: update_city_activities (cityturn.c:414)
==10356==    by 0x804E752: end_turn (srv_main.c:501)
==10356==    by 0x804FF72: main_loop (srv_main.c:1508)
==10356==    by 0x8050314: srv_main (srv_main.c:1591)
==10356==    by 0x804A007: main (civserver.c:154)
==10356==    by 0x403A04EC: __libc_start_main (in /lib/libc-2.3.2.so)
==10356==    by 0x8049C60: (within /tmp/jshort/freeciv/server/civserver)

which is the same as PR#4769.  (There are also lots of other related 
errors - e.g., invalid reads of the same free'd city.)

(There's no crash when running under valgrind - valgrind uses its own 
implementation of malloc to spread the memory out so an invalid write 
won't actually write over any important data.)

jason