#45767: "Double free or corruption" on assign_continent_flood()
Open Date: 2022-10-04 23:04
Last Update: 2022-10-04 23:12
URL for this Ticket:
https://osdn.net//projects/freeciv/ticket/45767
RSS feed for this Ticket:
https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=45767
---------------------------------------------------------------------
Last Changes/Comment on this Ticket:
2022-10-04 23:12 Updated by: cazfi
Comment:
Well addign_continent_flood() removes tile from a list it's currently iterating, and that's not _safe iterator (I don't think one exist for this). That's the case on all branches, and is likely very old bug - somehow it just has never caused failures before this particular autogame. With this information it's hard to estimate if this is critical issue wrt 3.0.4 release. Seems not to be a regression, but it's possible that I've just encountered the first crash that is coming to be a trend e.g. because some new dependency library version.
---------------------------------------------------------------------
Ticket Status:
Reporter: cazfi
Owner: (None)
Type: Bugs
Status: Open
Priority: 5 - Medium
MileStone: (None)
Component: (None)
Severity: 5 - Medium
Resolution: None
---------------------------------------------------------------------
Ticket details:
Got this in a S3_1 autogame. After several reproducing attempts got it again (maybe one has to configure with '--enable-testmatic', as that was the latest change in my reproducing attempts before it succeeded)
glibc reports "double free or corruption" from tile_list_remove() called when continent numbers are reassigned from check_terrain_change()
--
Ticket information of Freeciv project
Freeciv Project is hosted on OSDN
Project URL: https://osdn.net/projects/freeciv/
OSDN: https://osdn.net
URL for this Ticket:
https://osdn.net/projects/freeciv/ticket/45767
RSS feed for this Ticket:
https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=45767