Actions
Bug #1854
openSegmentation in Qt client during server quit.
Status:
New
Priority:
Low
Assignee:
-
Category:
Qt-client
Target version:
-
Start date:
12/29/2025
Due date:
% Done:
0%
Estimated time:
Description
During the client's `tile_virtual_destroy()`, one of the pcity->tile pointers gets set to garbage.
The first half of `tile_virtual_destroy()` succeeds, but segfaults as soon as the code attempts to retrieve the pointer to the city. The city pointer is fine, but the pcity->tile pointer is garbage.
void tile_virtual_destroy(struct tile *vtile)
{
struct city *vcity;
if (!vtile) {
return;
}
if (vtile->units) {
unit_list_iterate(vtile->units, vunit) {
if (unit_is_virtual(vunit)) {
unit_virtual_destroy(vunit);
}
} unit_list_iterate_end;
unit_list_destroy(vtile->units);
vtile->units = nullptr;
}
vcity = tile_city(vtile);
if (vcity) {
if (city_is_virtual(vcity)) {
destroy_city_virtual(vcity);
}
tile_set_worked(vtile, nullptr);
}
free(vtile);
}
Here is the offending line:
vcity = tile_city(vtile);
Which calls `is_city_center()`:
struct city *tile_city(const struct tile *ptile)
{
struct city *pcity = ptile->worked;
if (pcity != nullptr && is_city_center(pcity, ptile)) {
return pcity;
}
return nullptr;
}
Which segfaults in `city_tile()` because the city tile pointer is corrupted in:
static inline bool is_city_center(const struct city *pcity,
const struct tile *ptile)
{
if (!pcity || !pcity->tile || !ptile) {
return FALSE;
}
return tile_index(city_tile(pcity)) == tile_index(ptile);
}
`city_tile()` is a macro:
#define city_tile(_pcity_) (_pcity_)->tile
Files
Actions