[CF-Devel] Server crash in the arena

crossfire-devel-admin at archives.real-time.com
Tue Jun 10 23:00:10 CDT 2003


H. S. Teoh wrote:

> To which I might add, not long after the problem with bonecrushers, other
> arches started to become corrupted (hats became "/pupland/terminal",
> etc.), the dragon transport to pupland became closed (probably because the
> slaying field got corrupted). The problems started to get worse, until I
> forced a server crash so that it would reset itself. It looks like a
> dangling pointer bug, to me.

  I thought I noticed an extraneous free_string when I was working on the skill 
code, but didn't bother to fix it for whatever reason.

  I looked through a diff of the code as I have it now, and didn't find 
anything.  OTOH, diff of the server directory makes a 17,000 line diff file.

  I can't remember the details now.  It was one of these two things:

1) A free_string was being done on something in which decrease_ob was called 
later on.  At one point, this object was non-mergeable, so that that decrease_ob 
effectively destroyed the object - since the object is now mergeable, multiple 
free_strings could be called.

2) A free_string was called, but the pointer (op->name, op->slaying, etc) was 
set to anything after that.  Thus, if the function was called again, op->name 
(or whatever it was) would still seem to point to something, so free_string was 
called again.

  The end result in either case was that at some point, all the references to 
the string would be freed, so the shared string library would recycle that 
address. And this really matches the description given in the bug.

  The real fix for this is for FREE_AND_CLEAR_STR to be used instead of 
free_string in most all cases - this resets the pointer to NULL, so you'd either 
notice the problem quickly (item xyz has no name anymore), or it'd fix that 
double free problem.

  However, such a change should really wait until I check in all the code I've 
modified, which should hopefully be in the next week or two.



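The failure mode discussed in the message above, as an added example that is not part of the original post and not Crossfire's code: a toy refcounted string table in which a repeated `free_string` on one object drops a reference that another object still holds, so the slot is recycled under it. The table, `struct obj`, `cleanup_buggy`, `cleanup_fixed` and `hat_name_after` are constructed for illustration; the `FREE_AND_CLEAR_STR` definition only follows the message's description (free, then reset the pointer to NULL).

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for a refcounted shared-string table (not Crossfire's code). */
#define SLOTS 4
static struct { char text[32]; int refs; } table[SLOTS];

static const char *add_string(const char *s) {
    int spare = -1;
    for (int i = 0; i < SLOTS; i++) {
        if (table[i].refs > 0 && strcmp(table[i].text, s) == 0) {
            table[i].refs++;               /* already interned: share it */
            return table[i].text;
        }
        if (table[i].refs == 0 && spare < 0) spare = i;
    }
    if (spare < 0) return NULL;            /* table full */
    snprintf(table[spare].text, sizeof table[spare].text, "%s", s);
    table[spare].refs = 1;                 /* recycles a released slot */
    return table[spare].text;
}

static void free_string(const char *s) {
    for (int i = 0; s != NULL && i < SLOTS; i++)
        if (table[i].text == s && table[i].refs > 0) { table[i].refs--; return; }
}

/* Shape described in the message: release the reference, then NULL the pointer. */
#define FREE_AND_CLEAR_STR(p) do { free_string(p); (p) = NULL; } while (0)
struct obj { const char *name; };
static void cleanup_buggy(struct obj *op) { free_string(op->name); }
static void cleanup_fixed(struct obj *op) { FREE_AND_CLEAR_STR(op->name); }

/* Two hats share a name; cleanup runs twice on the first. Returns the second hat's name. */
static const char *hat_name_after(void (*cleanup)(struct obj *)) {
    struct obj a, b;
    memset(table, 0, sizeof table);
    a.name = add_string("hat");
    b.name = add_string("hat");            /* refs == 2 */
    cleanup(&a);
    cleanup(&a);                           /* second call: stale or NULL pointer */
    add_string("/pupland/terminal");       /* may land in the recycled slot */
    return b.name;
}

int main(void) {
    printf("buggy: %s\n", hat_name_after(cleanup_buggy));
    printf("fixed: %s\n", hat_name_after(cleanup_fixed));
    return 0;
}
```

The toy table never releases memory, so the stale pointer stays readable and the corruption is deterministic; with a real allocator the same sequence is undefined behaviour.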