To: lukasz@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: (PR#11237) assertion in attribute.c - cannot join to game
From: "Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 4 Dec 2004 18:32:59 -0800
Reply-to: rt@xxxxxxxxxxx

<URL: http://rt.freeciv.org/Ticket/Display.html?id=11237 >

maHo wrote:
> <URL: http://rt.freeciv.org/Ticket/Display.html?id=11237 >
> 
> Hello
> 
> next Bad Thing :(
> 
> I have applied attribute.diff, and it helped, but now it tells me:
> 
> [maho@tereska maho]$ LC_ALL=en_US civclient  -s pagema.net -a
> 0: Out of memory trying to malloc 146569574 bytes at line 224 of 
> attribute.c.
> [maho@tereska maho]$
> 
> I'm attaching a savegame, on which you can reproduce this bug.

Good report.  This patch catches that error.

BTW, what version is this savegame from?

-jason

Index: client/attribute.c
===================================================================
RCS file: /home/freeciv/CVS/freeciv/client/attribute.c,v
retrieving revision 1.19.2.1
diff -u -r1.19.2.1 attribute.c
--- client/attribute.c  1 Dec 2004 06:58:01 -0000       1.19.2.1
+++ client/attribute.c  5 Dec 2004 02:30:05 -0000
@@ -220,7 +220,12 @@
     struct data_out dout;
 
     dio_get_uint32(&din, &value_length);
-    
+
+    if (value_length > 1000000) {
+      /* Don't allow allocations of more than 1 Mb. */
+      free(pkey);
+      goto error;
+    }
     pvalue = fc_malloc(value_length + 4);
     
     dio_get_uint32(&din, &pkey->key);
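Review bot: The limit in `if (value_length > 1000000)` is a fixed magic number that is not tied to how much data is actually left in `din`, so a corrupt length below the cap still reaches `fc_malloc(value_length + 4)` and the later `dio_get_memory(&din, ..., value_length)` read. Consider also rejecting any value_length larger than the bytes remaining in the input buffer, which is the tighter bound for data read from a savegame or the network. Two smaller points on the same lines: give the constant a name (the comment says "1 Mb" while the test is 1000000 bytes), and confirm that value_length is an unsigned type, since its declaration is outside this hunk and a signed variable holding a value with the high bit set would pass the `>` test.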
@@ -233,20 +238,21 @@
     dio_get_memory(&din, ADD_TO_POINTER(pvalue, 4), value_length);
 
     if (!hash_insert(hash, pkey, pvalue)) {
-      /* There are some untraceable attribute bugs caused by the CMA that
-       * can cause this to happen.  I think the only safe thing to do is
-       * to delete all attributes.  Another symptom of the bug is the
-       * value_length (above) is set to a random value, which can also
-       * cause a bug. */
-      freelog(LOG_ERROR, _("There has been a CMA error.  "
-                          "Your CMA settings may be broken."));
       free(pvalue);
       free(pkey);
-      hash_delete_all_entries(hash);
-      return FALSE;
+      goto error;
     }
   }
   return TRUE;
+
+ error:
+  /* There are some untraceable attribute bugs caused by the CMA that
+   * can cause this to happen.  I think the only safe thing to do is
+   * to delete all attributes. */
+  freelog(LOG_ERROR, _("There has been a CMA error.  "
+                      "Your CMA settings may be broken."));
+  hash_delete_all_entries(hash);
+  return FALSE;
 }
 
 /****************************************************************************
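Review bot: The shared `error:` label logs the same "There has been a CMA error" message for both the oversized value_length path and the `hash_insert` failure, so a log from a user cannot show which check fired or what length was read. Consider logging the rejected value_length at the size check before the `goto error`, or passing a reason to the label. The sentence dropped from the old comment, about value_length being set to a random value, is the only explanation of why the size check exists; it would fit better in the comment at that check than being removed.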
