#42499: savegame3.c: Multiresearch load memory corruption
Open Date: 2021-06-09 12:24
Last Update: 2021-06-09 17:10
URL for this Ticket:
https://osdn.net//projects/freeciv/ticket/42499
RSS feed for this Ticket:
https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=42499
---------------------------------------------------------------------
Last Changes/Comment on this Ticket:
2021-06-09 17:10 Updated by: cazfi
* Resolution Update from None to Accepted
* Milestone Update from (None) to 3.0.0-beta3
---------------------------------------------------------------------
Ticket Status:
Reporter: cazfi
Owner: (None)
Type: Bugs
Status: Open
Priority: 5 - Medium
MileStone: 3.0.0-beta3
Component: Server
Severity: 5 - Medium
Resolution: Accepted
---------------------------------------------------------------------
Ticket details:
sg_load_researches() has a multiresearch related block, where it
1) first allocates memory for an int vector, but then immediately overwrites pointer to that memory by result of secfile_lookup_int_vec()
2) later it free() using that pointer. Results of secfile_lookup_...() should never be freed individually (they get freed when entire secfile is destroyed). The originally allocate memory (to which there remains no pointer to) never gets freed.
--
Ticket information of Freeciv project
Freeciv Project is hosted on OSDN
Project URL: https://osdn.net/projects/freeciv/
OSDN: https://osdn.net
URL for this Ticket:
https://osdn.net/projects/freeciv/ticket/42499
RSS feed for this Ticket:
https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=42499