Ticket #42499

savegame3.c: Multiresearch load memory corruption

Open Date: 2021-06-09 18:24 Last Update: 2021-06-18 15:07

Reporter:
Owner:
Type:
Status: Closed
Component:
Priority: 5 - Medium
Severity: 5 - Medium
Resolution: Fixed
File: 1

Details

sg_load_researches() has a multiresearch-related block, where it

1) first allocates memory for an int vector, but then immediately overwrites the pointer to that memory with the result of secfile_lookup_int_vec()

2) later free()s using that pointer. Results of secfile_lookup_...() should never be freed individually (they get freed when the entire secfile is destroyed). The originally allocated memory (to which no pointer remains) never gets freed.

Ticket History (3/5 Histories)

2021-06-09 18:24 Updated by: cazfi
  • New Ticket "savegame3.c: Multiresearch load memory corruption" created
2021-06-09 18:54 Updated by: cazfi
Comment

Also, it does not respect technology.order but assumes that the ruleset has been unchanged since the game was saved.
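
The two defects reported in this ticket (the ticket description's lost allocation plus free() of secfile-owned memory, and this comment's positional copy that ignores technology.order) reduced to a small C reproduction. This is an added example, not code from savegame3.c or from the reporter: `mock_secfile`, `mock_lookup_int_vec()`, `release()`, the tech names and the flag values are all constructed stand-ins for the real secfile API and ruleset, and the instrumented `release()` records the bad free instead of corrupting the heap so that both the defective and the corrected loader can be run side by side.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the loaded save section: like the real secfile it
 * owns the int vector it hands out and callers must never free() it. */
struct mock_secfile {
  int *owned_vec;           /* researched flags, in saved order */
  size_t owned_len;
  const char **tech_order;  /* tech names in saved order (technology.order) */
  int released_owned;       /* diagnostic: set if a caller freed owned_vec */
};

/* Hypothetical analogue of secfile_lookup_int_vec(): returns a borrowed pointer. */
static int *mock_lookup_int_vec(struct mock_secfile *sf, size_t *dim)
{
  *dim = sf->owned_len;
  return sf->owned_vec;
}

/* Instrumented free(): records a free of secfile storage instead of
 * corrupting the heap, so the defective path can be exercised safely. */
static void release(struct mock_secfile *sf, int *p)
{
  if (p == sf->owned_vec) sf->released_owned = 1;
  else free(p);
}

/* The pattern from the ticket: allocate, overwrite the only pointer with the
 * lookup result, copy positionally, then free the secfile-owned vector. */
static void load_researched_buggy(struct mock_secfile *sf, int *out, size_t n)
{
  size_t dim;
  int *vec = malloc(n * sizeof(*vec));   /* leaked: no handle survives */
  vec = mock_lookup_int_vec(sf, &dim);   /* overwrites the only pointer */
  for (size_t i = 0; i < dim && i < n; i++)
    out[i] = vec[i];                     /* assumes saved order == current */
  release(sf, vec);                      /* wrong: secfile still owns vec */
}

/* Corrected loader: treats the lookup result as borrowed and maps each saved
 * entry to the current ruleset by tech name. Returns entries mapped. */
static int load_researched_fixed(struct mock_secfile *sf, const char **current,
                                 size_t n_current, int *out)
{
  size_t dim, i, j;
  const int *vec = mock_lookup_int_vec(sf, &dim);
  int mapped = 0;
  if (vec == NULL) return -1;
  memset(out, 0, n_current * sizeof(*out));
  for (i = 0; i < dim; i++)
    for (j = 0; j < n_current; j++)
      if (strcmp(sf->tech_order[i], current[j]) == 0) {
        out[j] = vec[i];
        mapped++;
        break;
      }
  return mapped;   /* nothing to free: the secfile still owns vec */
}

/* Constructed sample: the current ruleset has reordered the techs and
 * replaced one since the game was saved. */
static const char *SAVED_ORDER[] = {"Alphabet", "Bronze Working", "Pottery"};
static const char *CURRENT_ORDER[] = {"Pottery", "Alphabet", "Masonry"};
static const int SAVED_FLAGS[] = {1, 0, 1};

static struct mock_secfile make_sample(void)
{
  struct mock_secfile sf = {0};
  sf.owned_len = 3;
  sf.owned_vec = malloc(sizeof(SAVED_FLAGS));
  memcpy(sf.owned_vec, SAVED_FLAGS, sizeof(SAVED_FLAGS));
  sf.tech_order = SAVED_ORDER;
  return sf;
}

/* Runs the buggy loader into out[3]; returns 1 if secfile memory was freed. */
int run_buggy(int *out)
{
  struct mock_secfile sf = make_sample();
  load_researched_buggy(&sf, out, 3);
  free(sf.owned_vec);   /* the secfile's own, legitimate free */
  return sf.released_owned;
}

/* Runs the fixed loader into out[3]; returns the number of techs mapped. */
int run_fixed(int *out)
{
  struct mock_secfile sf = make_sample();
  int mapped = load_researched_fixed(&sf, CURRENT_ORDER, 3, out);
  free(sf.owned_vec);
  return mapped;
}
```

With the constructed data the buggy loader reports "Alphabet" as unresearched (it copied Bronze Working's flag into that slot) and hands the secfile's vector to free(), while the fixed loader maps two of the three saved techs by name, leaves the unknown "Masonry" at zero, and frees nothing. Under a real allocator the buggy path is a double free once the secfile is destroyed, which is why the example instruments the release instead of letting it happen.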

2021-06-09 23:10 Updated by: cazfi
2021-06-18 15:07 Updated by: cazfi
  • Status Update from Open to Closed
  • Owner Update from (None) to cazfi
  • Resolution Update from Accepted to Fixed
