UFO: Alien Invasion Issue Tracker

UFO: Alien Invasion

Wiki
- Quick links
- Wiki
- Project wikis
- UFO: Alien Invasion
- Global content

You are not logged in

UFO: Alien Invasion / Closed Submit Patch #4558 segfault - dangling pointer deref

This issue has been closed with status "Closed" and resolution "Not determined".

- No additional actions available

Issue basics

Type of issue

Submit Patch Unknown issue type
Issue label

No label set
Category

General Not determined
Targetted for

Not determined
Status

Closed

Status not determined
Progress
Priority

3. Normal Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
polyvios (@polyvios)

polyvios
@polyvios

This user has not logged in yet

Show user details
Owned by

Not owned by anyone
Assigned to
mattn (@tlh2000)

Martin Gerhardy
@tlh2000

Last seen online at Apr 06, 2015 - 20:05

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Aug 27, 2009
Last updated

Jan 28, 2013
Estimated time

Not estimated
Time spent

No time spent

Click here to see time logged against this issue

Issue details

Resolution

Not determined
Reproducability

Not determined
Severity

Not determined
Complexity

Not determined
Platform

Not determined
Architecture

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

[http://sourceforge.net/p/ufoai/patches/431 Item 431] imported from sourceforge.net tracker on 2013-01-28 20:39:33

To replicate the crash, connect and disconnect a few times repeatedly in the lobby.
The offending memory access happens on the irc_stream struct in cl_irc.c. The Irc_Net_Disconnect function calls NET_StreamFree which might free the memory of the stream struct. However, the global irc_stream pointer keeps pointing to the same (freed) memory. The next time the connect function is called, it checks irc_stream for NULL, and if not, it calls NET_StreamFree again on it. That might cause a segfault if the memory was actually freed during the first call. It might not, because NET_StreamFree doesn't always free the stream (memory leak?), so you might need to repeat a few times to replicate the crash. The quick fix is to set the global irc_stream pointer to NULL after freeing the stream in Disconnect.
===== Comments Ported from Sourceforge =====

====== polyvios (2009-08-27 19:52:11) ======

diff from current revision 25872
====== tlh2000 (2009-08-28 13:27:41) ======

Applied to trunk - thanks

Todos (0 / 0)

Options

Issue created

January 28, 2013 (20:50)
Admin (@administrator)
- Administrator
  @administrator
- Last seen online at Mar 06, 2021 - 20:46
- Show user details
Milestone changed from Not determined to Not determined
Category changed from Not determined to Not determined
Priority changed from Not determined to Not determined
Assignee changed to tlh2000
Posted by changed from Not determined to Not determined
Status changed from
Unknown
to
Unknown
by Admin (@administrator)
The issue was closed
The issue was updated: Description updated
The issue was created

Welcome to The Bug Genie

Please fill in your username and password below, and press "Continue" to log in.
If you have not already registered, please use the "Register new account" tab to do so.

Create an account

* Username
This username is invalid or in use
* Nickname
The "nickname" will be shown to other users
* E-mail address
* Confirm e-mail

Enter the number you see above

« Back

Welcome to The Bug Genie

Log in with your username and password

Create an account

Register a new account