[CF-Devel] How can this have happened? (crashing bug)

Jan Echternach echter at informatik.uni-rostock.de
Mon Apr 9 14:14:50 CDT 2001


On Sun, Apr 08, 2001 at 04:12:33PM -0700, Peter Mardahl wrote:
> So it all boils down to:  why does this fireball have "op->more"?
I only have a 0.95.7-cvs version around here, so maybe the following
comments don't apply anymore:  The random map code uses
insert_ob_in_map() without checks for destroyed objects.  I'm
especially worried about insert_multisquare_ob_in_map() because it
first inserts the head of the object (which may get destroyed by that
operation) before creating the other parts of the object (which would
get a freed object as their head!) and some other breakage of that
kind.  Another likely candidate for not checking for freed objects is
server/monster.c.

Anyhow, using pointers to freed objects is the most likely cause of
that kind of object corruption, and insert_ob_in_map() may free
objects rather unexpectedly.  A problem can be that the broken code
doesn't need to have any relation to fireballs or arch angels.

BTW, do you know where the fireball was coming from?  Was it put on the
random map when the map was created?

I've also noticed some unreliable code in nuke_map_region() and
remove_monsters().  Both functions require that there is a floor object
on each map square (they effectively perform a
tmp = get_map_ob(...)->above; whenever they have something deleted).
A fix would be to move that tmp = tmp->above into the loop body as an
else branch.

-- 
Jan

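As an added illustration of the remove_monsters()/nuke_map_region() point above (example code written for this page, not crossfire's own; the object and square types, the is_monster flag, the helper names and the square contents are hypothetical stand-ins), the fragile pattern that lands on get_map_ob()->above after every deletion is shown beside the version with the advance moved into an else branch, both run over a square that has no floor object:

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for crossfire's object and map square, not the
 * project's own definitions. A square is a stack of objects from bottom
 * (the floor, if there is one) to top, linked through ->above / ->below;
 * get_map_ob(m, x, y) corresponds to sq->bottom here. */
typedef struct object {
    const char *name;
    int is_monster;              /* assumption: the flag remove_monsters() tests */
    struct object *above, *below;
} object;

typedef struct { object *bottom; } square;

static object *new_object(const char *name, int is_monster)
{
    object *ob = calloc(1, sizeof *ob);
    ob->name = name;
    ob->is_monster = is_monster;
    return ob;
}

static void push_object(square *sq, object *ob)   /* append on top of the stack */
{
    object *top = sq->bottom;
    if (!top) { sq->bottom = ob; return; }
    while (top->above) top = top->above;
    top->above = ob;
    ob->below = top;
}

static void remove_and_free(square *sq, object *ob)   /* remove_ob() + free_object() */
{
    if (ob->below) ob->below->above = ob->above; else sq->bottom = ob->above;
    if (ob->above) ob->above->below = ob->below;
    free(ob);
}

/* The fragile pattern: the delete branch restarts at the square's bottom and
 * the for-increment then steps to ->above, i.e. tmp = get_map_ob()->above.
 * That is only right if the bottom object is a floor that is never deleted.
 * Returns -1 where the real code would dereference NULL (empty square). */
static int remove_monsters_fragile(square *sq)
{
    int removed = 0;
    object *tmp;
    for (tmp = sq->bottom; tmp != NULL; tmp = tmp->above) {
        if (tmp->is_monster) {
            remove_and_free(sq, tmp);
            removed++;
            tmp = sq->bottom;              /* restart from the bottom ... */
            if (tmp == NULL) return -1;    /* ... and the increment would do NULL->above */
        }
    }
    return removed;
}

/* The suggested fix: advance only in the else branch, so after a deletion the
 * loop resumes at whatever is now at the bottom (possibly NULL), floor or not. */
static int remove_monsters_fixed(square *sq)
{
    int removed = 0;
    object *tmp = sq->bottom;
    while (tmp != NULL) {
        if (tmp->is_monster) {
            remove_and_free(sq, tmp);
            removed++;
            tmp = sq->bottom;
        } else {
            tmp = tmp->above;
        }
    }
    return removed;
}

static int count_monsters(const square *sq)
{
    int n = 0;
    for (const object *ob = sq->bottom; ob != NULL; ob = ob->above) n += ob->is_monster;
    return n;
}

/* Constructed sample input: a floorless square with two monsters and an item
 * on top, the layout on which the fragile loop skips the second monster. */
static void build_floorless_square(square *sq)
{
    sq->bottom = NULL;
    push_object(sq, new_object("orc", 1));
    push_object(sq, new_object("kobold", 1));
    push_object(sq, new_object("sword", 0));
}

int main(void)
{
    square a, b;
    build_floorless_square(&a);
    printf("fragile removed %d, monsters left %d\n", remove_monsters_fragile(&a), count_monsters(&a));
    build_floorless_square(&b);
    printf("fixed   removed %d, monsters left %d\n", remove_monsters_fixed(&b), count_monsters(&b));
    return 0;
}
```

On the floorless square the fragile loop removes the orc, restarts at the new bottom (the kobold) and immediately steps past it, so one monster survives; on a square holding a single monster it would dereference NULL. The fixed loop removes both and terminates cleanly when the square empties, which is exactly why the floor assumption goes away once the advance lives in the else branch.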