empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix seqno mismatch and use-after-free in shp_sweep()

Browse source 
The code wrote the swept sector after calling shp_check_one_mines().
This failed to use up the mine that hit the minesweeper, and triggered
a seqno mismatch oops.

The code wrote the minesweeper after calling shp_check_one_mines().
This used freed memory when the minesweeper got sunk there.

Broken in 4.0.17.  Fix by moving both calls before
shp_check_one_mines().
(cherry picked from commit b0644e822c)
This commit is contained in:
Markus Armbruster 2008-06-28 09:15:49 -04:00
parent c40dd61bf0
commit fbefc139f4
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/lib/subs/shpsub.c
View file

@ -237,13 +237,13 @@ shp_sweep(struct emp_qelem *ship_list, int verbose, int takemob, natid actor)
}
sect.sct_mines = mines;
mlp->unit.ship.shp_item[I_SHELL] = shells;
putship(mlp->unit.ship.shp_uid, &mlp->unit.ship);
putsect(&sect);
if (shp_check_one_mines(mlp)) {
stopping = 1;
emp_remque(qp);
free(qp);
}
putship(mlp->unit.ship.shp_uid, &mlp->unit.ship);
putsect(&sect);
}
if (changed)
writemap(actor);