empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix seqno mismatch and use-after-free in shp_sweep()

Browse source 
The code wrote the swept sector after calling shp_check_one_mines().
This failed to use up the mine that hit the minesweeper, and triggered
a seqno mismatch oops.

The code wrote the minesweeper after calling shp_check_one_mines().
This used freed memory when the minesweeper got sunk there.

Broken in 4.0.17.  Fix by moving both calls before
shp_check_one_mines().
This commit is contained in:
Markus Armbruster 2008-06-28 09:15:49 -04:00
parent 6d38a04930
commit b0644e822c
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/lib/subs/shpsub.c
View file

@ -215,13 +215,13 @@ shp_sweep(struct emp_qelem *ship_list, int verbose, int takemob, natid actor)
} }
sect.sct_mines = mines; sect.sct_mines = mines;
mlp->unit.ship.shp_item[I_SHELL] = shells; mlp->unit.ship.shp_item[I_SHELL] = shells;
putship(mlp->unit.ship.shp_uid, &mlp->unit.ship);
putsect(&sect);
if (shp_check_one_mines(mlp)) { if (shp_check_one_mines(mlp)) {
stopping = 1; stopping = 1;
emp_remque(qp); emp_remque(qp);
free(qp); free(qp);
} }
putship(mlp->unit.ship.shp_uid, &mlp->unit.ship);
putsect(&sect);
} }
if (changed) if (changed)
writemap(actor); writemap(actor);