Follow-up Comment #2, bug #15323 (project freeciv):
Tracking the bug further using valgrind reveals:
Conditional jump or move depends on uninitialised value(s)
at 0x4334A6: aiferry_find_interested_city (aiferry.c:860)
by 0x433C0F: ai_manage_ferryboat (aiferry.c:1077)
by 0x4287E7: ai_manage_unit (aiunit.c:2256)
by 0x428CDD: ai_manage_units (aiunit.c:2381)
by 0x497491: ai_do_first_activities (aihand.c:436)
by 0x408A43: ai_start_phase (srv_main.c:648)
by 0x408ED2: begin_phase (srv_main.c:801)
by 0x40B554: srv_running (srv_main.c:2049)
by 0x40C1DE: srv_main (srv_main.c:2461)
by 0x404867: main (civserver.c:359)
Uninitialised value was created by a stack allocation
at 0x433412: aiferry_find_interested_city (aiferry.c:838)
Use of uninitialised value of size 8
at 0x511875: tile_city (tile.c:76)
by 0x4334B7: aiferry_find_interested_city (aiferry.c:865)
by 0x433C0F: ai_manage_ferryboat (aiferry.c:1077)
...
Conditional jump or move depends on uninitialised value(s)
at 0x511882: tile_city (tile.c:78)
by 0x4334B7: aiferry_find_interested_city (aiferry.c:865)
by 0x433C0F: ai_manage_ferryboat (aiferry.c:1077)
...
Use of uninitialised value of size 8
at 0x511888: tile_city (tile.c:78)
by 0x4334B7: aiferry_find_interested_city (aiferry.c:865)
by 0x433C0F: ai_manage_ferryboat (aiferry.c:1077)
...
Invalid read of size 8
at 0x511888: tile_city (tile.c:78)
by 0x4334B7: aiferry_find_interested_city (aiferry.c:865)
by 0x433C0F: ai_manage_ferryboat (aiferry.c:1077)
...
Address 0x700000026 is not stack'd, malloc'd or (recently) free'd
Process terminating with default action of signal 11 (SIGSEGV): dumping core
Access not within mapped region at address 0x700000026
at 0x511888: tile_city (tile.c:78)
by 0x4334B7: aiferry_find_interested_city (aiferry.c:865)
by 0x433C0F: ai_manage_ferryboat (aiferry.c:1077)
...
Another observation: the crash *only* occurs if the server is compiled with
--enable-debug=no; otherwise valgrind does not find any related problems
either.
Looking in the code, it looks like the pf_map pfm in
aiferry_find_interested_city() is not properly initialized, because iterating
over the positions produces some invalid positions. The first valgrind error
corresponds to
    if (pos.turn >= turns_horizon)
in line 860 of aiferry.c, where pos.turn was used but not initialized
previously.
Andreas
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?15323>
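
The bug class valgrind reports above (a stack-allocated position struct read before the iterator has filled it), shown with a defensive caller as an added example that is not freeciv code and not part of the original message. The types and functions (struct position, struct path_map, path_map_next, find_within_horizon) are hypothetical stand-ins, not the real pf_* API, and the sample data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins; not freeciv's real pf_* types or functions. */
struct position { const int *tile; int turn; };
struct path_map { const int *tiles; const int *turns; size_t count, next; };

/* Fills *pos and returns true while positions remain. On exhaustion it
 * returns false and leaves *pos untouched, the case a caller must handle. */
static bool path_map_next(struct path_map *pm, struct position *pos)
{
  if (pm->next >= pm->count) {
    return false;
  }
  pos->tile = &pm->tiles[pm->next];
  pos->turn = pm->turns[pm->next];
  pm->next++;
  return true;
}

/* Returns the first city id reachable in fewer than turns_horizon turns,
 * or -1 if there is none. */
int find_within_horizon(struct path_map *pm, int turns_horizon)
{
  /* Defined starting state: a skipped fill can never look like a pointer. */
  struct position pos = { .tile = NULL, .turn = -1 };

  while (path_map_next(pm, &pos)) {   /* read pos only after a true return */
    if (pos.turn >= turns_horizon) {
      break;                          /* assumption: sorted by turn */
    }
    if (pos.tile != NULL && *pos.tile >= 0) {
      return *pos.tile;
    }
  }
  return -1;
}

int main(void)
{
  const int tiles[] = { -1, 42, 7 };  /* constructed sample: -1 = no city */
  const int turns[] = { 0, 2, 9 };
  struct path_map pm = { tiles, turns, 3, 0 };

  printf("%d\n", find_within_horizon(&pm, 5));
  return 0;
}
```

Reading an uninitialised stack variable is undefined behaviour in C, so whether it crashes can change with optimisation and debug settings.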