[Freeciv-Dev] Re: (PR#13383) Memory error in hunter code
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=13383 >
Marko Lindqvist wrote:
> <URL: http://bugs.freeciv.org/Ticket/Display.html?id=13383 >
>
> From valgrind:
>
> ==18897== Invalid read of size 4
> ==18897== at 0x8100249: ai_hunter_try_launch (aihunt.c:261)
> ==18897== by 0x8100CD5: ai_hunter_manage (aihunt.c:495)
> ==18897== by 0x810946F: ai_manage_military (aiunit.c:1960)
> ==18897== by 0x810A566: ai_manage_unit (aiunit.c:2149)
> ==18897== by 0x810B1A1: ai_manage_units (aiunit.c:2248)
> ==18897== by 0x80FF72D: ai_do_first_activities (aihand.c:426)
> ==18897== by 0x8051039: main_loop (srv_main.c:453)
> ==18897== by 0x8051AC2: srv_main (srv_main.c:1962)
> ==18897== by 0x804A99A: main (civserver.c:242)
> ==18897== Address 0x25E3D7AC is 4 bytes inside a block of size 192 free'd
> ==18897== at 0x2598579D: free (vg_replace_malloc.c:152)
> ==18897== by 0x805BDC6: server_remove_unit (unittools.c:1605)
> ==18897== by 0x805F044: wipe_unit_spec_safe (unittools.c:1666)
> ==18897== by 0x805FAA0: kill_unit (unittools.c:1831)
> ==18897== by 0x809B246: handle_unit_attack_request (unithand.c:899)
> ==18897== by 0x809AC25: handle_unit_move_request (unithand.c:1120)
> ==18897== by 0x8104EFE: ai_unit_attack (aitools.c:921)
> ==18897== by 0x81050B4: ai_unit_execute_path (aitools.c:162)
> ==18897== by 0x8100CBB: ai_hunter_manage (aihunt.c:489)
> ==18897== by 0x810946F: ai_manage_military (aiunit.c:1960)
> ==18897== by 0x810A566: ai_manage_unit (aiunit.c:2149)
> ==18897== by 0x810B1A1: ai_manage_units (aiunit.c:2248)
Can you reproduce this?
Clearly the unit is dying inside ai_unit_execute_path called from
aihunt.c:489. A little later in aihunt.c:495 the unit is accessed.
However it looks like the aihunt code correctly checks the return value
of ai_unit_execute_path. So you'd think the bug is inside
ai_unit_execute_path. But here there is a correct call to
find_unit_by_id. So I don't see how this can happen.
-jason
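
Added example, not part of the original thread and not Freeciv's code: a minimal C sketch of the pattern the reply describes, where a call may free the unit as a side effect and the caller must check the result and look the unit up again by id before reading it. All names (`unit_create`, `unit_lookup`, `unit_remove`, `execute_step`, `manage`) are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Hypothetical names throughout; this is not Freeciv's unit API. */
#define MAX_UNITS 8
struct unit { int id; int hp; };
static struct unit *units[MAX_UNITS];

static struct unit *unit_create(int id, int hp) {
  for (int i = 0; i < MAX_UNITS; i++) {
    if (units[i] != NULL) continue;
    units[i] = malloc(sizeof(struct unit));
    if (units[i] != NULL) { units[i]->id = id; units[i]->hp = hp; }
    return units[i];
  }
  return NULL;
}

/* Returns NULL once the unit has been removed, so a stale id is detectable. */
static struct unit *unit_lookup(int id) {
  for (int i = 0; i < MAX_UNITS; i++)
    if (units[i] != NULL && units[i]->id == id) return units[i];
  return NULL;
}

static void unit_remove(struct unit *u) {
  for (int i = 0; i < MAX_UNITS; i++)
    if (units[i] == u) { units[i] = NULL; free(u); return; }
}

/* A step that can free the unit as a side effect (it may lose a fight).
 * The id is copied out first; after removal only the id is safe to use. */
static bool execute_step(struct unit *u, int damage) {
  int id = u->id;
  u->hp -= damage;
  if (u->hp <= 0) unit_remove(u);
  return unit_lookup(id) != NULL;
}

/* Caller: check the result, then re-derive the pointer before reading it. */
static int manage(struct unit *u, int damage) {
  int id = u->id;
  if (!execute_step(u, damage)) return -1;  /* u is dangling: do not read */
  u = unit_lookup(id);
  return u != NULL ? u->hp : -1;
}

int main(void) {
  struct unit *a = unit_create(1, 10);
  return (a && manage(a, 3) == 7 && manage(a, 20) == -1) ? 0 : 1;
}
```

The revalidation only protects the frame that performs it: any other frame still holding the old pointer across the call needs the same id lookup.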
- [Freeciv-Dev] Re: (PR#13383) Memory error in hunter code,
Jason Short <=