Complete.Org: Mailing Lists: Archives: freeciv-dev: October 2005:
[Freeciv-Dev] (PR#14178) client crash in color_system_free

[Freeciv-Dev] (PR#14178) client crash in color_system_free

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

Subject:	[Freeciv-Dev] (PR#14178) client crash in color_system_free
From:	"Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>
Date:	Mon, 3 Oct 2005 21:36:28 -0700
Reply-to:	bugs@xxxxxxxxxxx

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=14178 >

(gdb) bt
#0  0xb797f9e7 in raise () from /lib/tls/libc.so.6
#1  0xb798131b in abort () from /lib/tls/libc.so.6
#2  0xb79bd015 in free_check () from /lib/tls/libc.so.6
#3  0xb79bce55 in free () from /lib/tls/libc.so.6
#4  0x08119a24 in color_free (color=0x92079c0) at colors.c:79
#5  0x0805dcf2 in color_system_free (colors=0x82a0418) at 
colors_common.c:205
#6  0x08083d46 in tileset_free_toplevel (t=0x8266900) at tilespec.c:783
#7  0x08083d77 in tileset_free (t=0x8266900) at tilespec.c:794
#8  0x08058c42 in ui_exit () at civclient.c:372
#9  0x08125bb5 in quit_dialog_response (dialog=0x91dece8, response=-8)
     at gui_main.c:1601


==28603== Invalid read of size 4
==28603==    at 0x805DCE6: color_system_free (colors_common.c:205)
==28603==    by 0x8083D45: tileset_free_toplevel (tilespec.c:783)
==28603==    by 0x8083D76: tileset_free (tilespec.c:794)
==28603==    by 0x8058C41: ui_exit (civclient.c:372)
==28603==    by 0x8125BB4: quit_dialog_response (gui_main.c:1601)

==28603==  Address 0x1C15770C is 44 bytes inside a block of size 224 free'd
==28603==    at 0x1B9003C3: free (vg_replace_malloc.c:235)
==28603==    by 0x805DCB1: color_system_free (colors_common.c:202)
==28603==    by 0x8083D45: tileset_free_toplevel (tilespec.c:783)
==28603==    by 0x8083D76: tileset_free (tilespec.c:794)
==28603==    by 0x8058C41: ui_exit (civclient.c:372)
==28603==    by 0x8125BB4: quit_dialog_response (gui_main.c:1601)

Index: client/colors_common.c
===================================================================
RCS file: /home/freeciv/CVS/freeciv/client/colors_common.c,v
retrieving revision 1.11
diff -p -u -r1.11 colors_common.c
--- client/colors_common.c      21 Sep 2005 03:10:20 -0000      1.11
+++ client/colors_common.c      4 Oct 2005 04:34:58 -0000
@@ -199,12 +199,12 @@ void color_system_free(struct color_syst
       color_free(colors->player_colors[i].color);
     }
   }
-  free(colors->player_colors);
   for (i = 0; i < ARRAY_SIZE(colors->terrain_colors); i++) {
     if (colors->terrain_colors[i].color) {
       color_free(colors->player_colors[i].color);
     }
   }
+  free(colors->player_colors);
   while (hash_num_entries(colors->terrain_hash) > 0) {
     const char *key = hash_key_by_number(colors->terrain_hash, 0);
     const void *rgb = hash_value_by_number(colors->terrain_hash, 0);

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] (PR#14178) client crash in color_system_free, Jason Short <=

Prev by Date: [Freeciv-Dev] Re: (PR#14144) Data: Nations overhaul step 3, legends
Next by Date: [Freeciv-Dev] (PR#14179) citydlg memory leak
Previous by thread: [Freeciv-Dev] (PR#14176) client cityrep crash
Next by thread: [Freeciv-Dev] (PR#14179) citydlg memory leak
Index(es):
- Date
- Thread