Project

General

Profile

Actions
Copy link

Bug #1646

open

Fixed a SIGSEGV in unit_order_list_is_sane()

Added by John Robertson 4 days ago. Updated 2 days ago.

Status:
In Review
Priority:
Normal
Assignee:
Marko Lindqvist
Category:
Server
Target version:
3.1.6
Start date:
08/05/2025
Due date:
% Done:

0%

Estimated time:

Description

For various reasons, during the save or load of a game file, if a unit's action list is rejected, the process will delete the working memory for the unit's "order's list" and set the order's list pointer to NULL.

Later, the 'data sanity check' accesses the NULL memory pointer and throws a SIGSEGV exception.

The proposed fix performs the following:
  • adds a guard against the use of the NULL pointer. But returns TRUE for sanity, as the list is empty.
  • provides additional cleanup by zeroing out the length value in the 'orders' structure. Note: zeroing out the length would have avoided the NULL memory access, but still leaves the 'sanity' ambiguous.
  • avoid the 'sanity' check on empty (NULL) order action lists for the unit. Note, the `punit->has_orders` could be refactored to only use the `puint->orders.length == 0`.

Files

Download all files
1646.patch (3.46 KB) 1646.patch John Robertson, 08/05/2025 08:02 AM
1646.v2.patch (3.36 KB) 1646.v2.patch John Robertson, 08/05/2025 06:08 PM
1646.v3.patch (6.52 KB) 1646.v3.patch John Robertson, 08/06/2025 08:17 PM
Actions
Copy link
 #1

Updated by John Robertson 4 days ago

Please review the proposed patch and recommend revisions as needed.

Actions
Copy link
 #2

Updated by John Robertson 4 days ago

The NULL check could be considered unnecessary, as the [now reliable] `orders.length 0` would suffice to both prevent access to the NULL pointer and default to returning sanity TRUE.

Actions
Copy link
 #3

Updated by John Robertson 4 days ago

Outside of the save/load game from file, the `punit->goto_tile` is cleared when the `punit->orders.list` and `punit->has_orders` are cleared. Replacement patch candidate clears the `punit->goto_tile` when clearing the unit's orders.

(With the `punit->orders.length` being cleared, the `orders == NULL` sanity check is redundant and removed.)

Actions
Copy link
 #4

Updated by Marko Lindqvist 4 days ago

Not necessary, but you may want to do the patch with 'git format-patch' instead of just 'git diff' to include meta information like your authorship over the patch. https://www.freeciv.org/wiki/How_to_Contribute#How_to_create_patch_file_with_Git

Actions
Copy link
 #5

Updated by Marko Lindqvist 3 days ago

  • Target version set to 3.1.6
Actions
Copy link
 #6

Updated by John Robertson 2 days ago

reformatted patch file

Actions
Copy link
 #7

Updated by Marko Lindqvist 2 days ago

  • Status changed from New to In Review
  • Assignee changed from John Robertson to Marko Lindqvist
Actions
Copy link

Also available in: Atom PDF