[http://sourceforge.net/p/ufoai/bugs/1998 Item 1998] imported from sourceforge.net tracker on 2013-01-28 19:14:56

Hello,

deleting the first aircraft in a base will result in a Null Pointer.

The aircraftCurrent pointer will get decremented below the first aircraft.

Bugfix:
changing >= to a >.

Patch is attached.
===== Comments Ported from Sourceforge =====

====== clarki (2009-01-16 12:24:34) ======

Sorry, i made an error.

The first Version i used (the one i commented out in the above attached patch) is the correct one.

It is attached now.
We have to add the check, that the pointer is not decreased below the bases first aircraft...
File Added: cp_aircraft.c.diff
====== geever (2009-01-17 09:03:20) ======

Could you explain how to reproduce this bug? I don't see any problem.

-geever
====== clarki (2009-01-17 09:30:47) ======

Steps to reproduce:
- Start a new game
- remove soldiers from your Firebird
- select the firebird as currntly selected aircraft in the base
- click buy/sell
- sell the firebird
- go back to base
=> Game crashes.

Error: Received signal 11.

Valgrind was used with another test scenario:
==5756== Invalid read of size 4
==5756== at 0x447B00: AIR_AircraftSelect (cp_aircraft_callbacks.c:208)
==5756== by 0x447A54: AIR_AircraftSelect_f (cp_aircraft_callbacks.c:190)
==5756== by 0x4C03D0: Cmd_ExecuteString (cmd.c:911)
==5756== by 0x4BF192: Cbuf_Execute (cmd.c:228)
==5756== by 0x42DB9E: CL_SendCommand (cl_main.c:1263)
==5756== by 0x42E0FE: CL_Frame (cl_main.c:1447)
==5756== by 0x4CD20C: tick_timer (common.c:1091)
==5756== by 0x4CD4FD: Qcommon_Frame (common.c:1172)
==5756== by 0x51D7D4: main (linux_main.c:97)


Other Method to reproduce:
- Build a base with more than one hangar
- buy 2 aircrafts (different models)
- select the first bought
- sell it
=> game WILL crash.

i think that this IS a problem :)
====== geever (2009-01-17 10:02:38) ======

Couldn't make it segfault but yes, this way can cause problems. Thanks for the patch!

-geever