Ticket #48290

team_new() NULL tslot reference

Open Date: 2023-06-25 22:46 Last Update: 2023-07-16 11:19

Reporter:
Owner:
Type:
Status: Closed
Component:
Priority: 5 - Medium
Severity: 5 - Medium
Resolution: Fixed
File: 6

Details

Clang analyzer S3_1:

../../../src/common/team.c:340:15: warning: Access to field 'team' results in a dereference of a null pointer (loaded from variable 'tslot') [core.NullDereference]
  tslot->team = pteam;

I think there's an actual bug: tslot IS left as NULL after the earlier iteration to find a free slot. When called from team_add_player() there might be the max number of both players and teams already (both MAX_NUM_PLAYER_SLOTS), *and* the attempt to create a new team happens before freeing the old one.
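
A constructed C model of the slot-search pattern the report describes, added here as an example and not code from the Freeciv source or the attached patch. The names team_slot_find_free and full_table_is_refused, the malloc, and the table size MAX_NUM_TEAM_SLOTS are assumptions; the point shown is that the search loop leaves tslot NULL when every slot is taken, so team_new() must check it before writing tslot->team.

```c
/* Constructed, simplified model of the slot search the report describes;
 * names, sizes and the malloc are assumptions, not Freeciv's own code. */
#include <stdbool.h>
#include <stdlib.h>
#define MAX_NUM_TEAM_SLOTS 4   /* assumed small so the table fills quickly */

struct team { int id; };
struct team_slot { struct team *team; };
static struct team_slot team_slots[MAX_NUM_TEAM_SLOTS];

/* Same search loop as the buggy version: tslot stays NULL when no slot
 * is free, so the caller must check it before writing tslot->team. */
static struct team_slot *team_slot_find_free(void)
{
  for (int i = 0; i < MAX_NUM_TEAM_SLOTS; i++) {
    if (team_slots[i].team == NULL) return &team_slots[i];
  }
  return NULL;
}

/* Hardened team_new(): refuses when the table is full instead of
 * dereferencing the NULL tslot that the analyzer flagged. */
struct team *team_new(void)
{
  struct team_slot *tslot = team_slot_find_free();
  struct team *pteam;
  if (tslot == NULL) return NULL;          /* no free slot: report it */
  pteam = malloc(sizeof(*pteam));
  if (pteam == NULL) return NULL;
  pteam->id = (int)(tslot - team_slots);
  tslot->team = pteam;                     /* only reached with valid tslot */
  return pteam;
}

void team_destroy(struct team *pteam)
{
  team_slots[pteam->id].team = NULL;
  free(pteam);
}

/* Fill every slot, ask for one more, and report whether the request was
 * declined cleanly; frees the table again so the check is repeatable. */
bool full_table_is_refused(void)
{
  for (int i = 0; i < MAX_NUM_TEAM_SLOTS; i++) {
    if (team_new() == NULL) return false;  /* should not happen yet */
  }
  bool refused = (team_new() == NULL);
  for (int i = 0; i < MAX_NUM_TEAM_SLOTS; i++) team_destroy(team_slots[i].team);
  return refused;
}
```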

Ticket History (3/14 Histories)

2023-06-25 22:46 Updated by: cazfi
  • New Ticket "team_new() NULL tslot reference" created
2023-06-25 22:46 Updated by: cazfi
  • Details Updated
2023-07-09 10:08 Updated by: cazfi
2023-07-10 07:44 Updated by: cazfi
  • Owner Update from (None) to cazfi
  • Resolution Update from None to Accepted
Comment

Reply To cazfi

I think there's an actual bug

No upper level code is currently affected. S3_2 & main branch patches address the issue, but as the fix causes savegame format and network protocol breakage, that part is not backported to frozen branches. Also, the assert on player creation is added only in S3_2 & main.

2023-07-10 22:23 Updated by: cazfi
  • File 0019-Check-that-team_new-has-found-a-free-team-slot.patch (File ID: 12859) is attached
2023-07-10 22:25 Updated by: cazfi
  • File 0019-Check-that-team_new-has-found-a-free-team-slot.patch (File ID: 12859) is deleted
2023-07-10 23:01 Updated by: cazfi
Comment

New versions of main & S3_2 patches, making researches_array big enough.

2023-07-16 11:19 Updated by: cazfi
  • Status Update from Open to Closed
  • Resolución Update from Accepted to Fixed
