The initial parts of struct loststr and struct empobj must match.
Commit 49780e2c screwed that up for members lost_uid/uid, which also
broke the equivalence of lost_owner/own. Since lost_uid is not used,
the former had no effect. But the latter broke xdvisible(). Could
make xdump lost leak information.
Commit a680c811 reorderd struct loststr members to make lost_timestamp
equivalent to new struct empobj member timestamp, but failed due to
the bug in commit 49780e2c. Commit f33b96b1 then set the timestamp
through empobj, which screwed up timestamps in lostitems, i.e. it
broke incremental xdump lost.
All of the above is in v4.3.12.
Commit 536ef0b0 (v4.3.15) added lost_seqno / seqno. No effect,
because only seqno is used.
(cherry picked from commit eb252201b6)
Output often arrives in chunks other than lines. Hard to read in the
journal. Delay journalling until we got a full line or our buffer is
exhausted. This is less precise, but it'll do for now.
To enable, set econfig key keep_journal to at least 2. Output events
are *not* flushed to disk immediately.
Put it in Hvy Metal II now to gather real data for future testing of a
journal replay tool.
Redundant information, but makes the journal easier to read. The
redundancy might help making a journal replay tool robust.
Put it in Hvy Metal II now to gather some real data.
Before, we used the value of empth_thread(). That can be mapped to
countries by tracking login and logout. Easy for machines (except
when the journal is rotated while players are logged in), but tedious
for humans.
Quick version for Hvy Metal II. Needs further work for the stock
code.
Commit 79407e68 (v4.3.11) changed recvclient() to keep failing after
receiving EOF from player. This was bad, because some places getting
input check player->aborted instead of recvclient() failure, and
player->aborted wasn't set on EOF. Bugs caused by this:
* comm_bomb(), ship_bomb(), plane_bomb(), land_bomb() went into an
infinite loop that eventually ate all memory.
* deli(), desi(), dist(), fly(), morale(), zdon(), att_prompt(),
ask_move_in() interpreted EOF as empty input instead of no more
input.
* cmd_sail_ship() dereferenced a null pointer.
Fix by setting player->aborted on EOF, too.
(cherry picked from commit b3a7a8ee11)
Reading input fails after EOF and while the current command is
aborted. Commands should detect that and fail. If a command neglects
to do that in a loop, the loop can become infinite. This is
especially bad after EOF, because then the client might not read
output anymore. Output gets buffered until memory runs out.
Mitigate such bugs by counting how many calls have failed in a row,
oopsing on the 256th, and sleeping one minute from the 256th on.
(cherry picked from commit 49c24d7b78)
fly() reads the carrier, then passes it to pln_dropoff(), which writes
it back. fly() also calls pln_oneway_to_carrier_ok(), which updates
the carrier when its plane summary information is incorrect.
The old code called it between reading the carrier and passing it to
pln_dropoff(). This made pln_dropoff() wipe out the plane summary
update, and triggered a seqno mismatch oops. Broken by introduction
of pln_oneway_to_carrier_ok() in commit 1127762c, v4.2.17.
Fix by reading the carrier right before passing it to pln_dropoff().
(cherry picked from commit 42d9475d89)
Missile interdiction leaves behind used up missiles with the
PLN_LAUNCHED flag set. This can lead to a bogus warning from
pln_zap_transient_flags() on server restart.
Change pln_zap_transient_flags() to ignore dead planes.
(cherry picked from commit 7a06a58bec)
Commit 7ca4f412 (v4.3.12) marked planes flying a sortie with
PLN_LAUNCHED, and made pln_arm() reject planes with that flag set.
This was designed to reject escorts that were already flying as
bombers. It didn't work, because the test for PLN_LAUNCHED used a
stale copy of the plane created by pln_sel(). Fix by getting a fresh
copy.
The bug always existed, but the botched fix in commit 7ca4f412 made it
worse. Before, ac_encounter() dropped escorts that were also bombers,
so the bug merely wasted plane fuel. After, such planes were
effectively duplicated, and damage to one of them, usually the bomber,
was wiped out. Abusable.
(cherry picked from commit 801780043f)
The code wrote the swept sector after calling shp_check_one_mines().
This failed to use up the mine that hit the minesweeper, and triggered
a seqno mismatch oops.
The code wrote the minesweeper after calling shp_check_one_mines().
This used freed memory when the minesweeper got sunk there.
Broken in 4.0.17. Fix by moving both calls before
shp_check_one_mines().
(cherry picked from commit b0644e822c)
This happened when fire command failed becayse the gun lacked shells,
and when other ways to fire failed because the gun was inefficient,
embarked, lacked mil, guns or shells.
Broken in commit b8bdc32b, hvy-metal-2.4.
ask_olist() let non-light land units board ships that can carry only
light units. If the board succeeds, the non-light unit move onto the
ship and then are stuck there.
(cherry picked from commit 6d38a04930)
Work percentage should have been documented in commit 233fce87,
v4.3.0.
Empire clock should have been documented in commit d3e0597f, v4.3.10.
(cherry picked from commit 4a67080656)
perform_mission() needs to know whether it is targeting ships or
something else, because the rules differ: submarines interdict only
ships, land units get their damage reduced when interdicting ships,
and different news are generated.
The old code assumed it was targeting ships when the target sector was
sea. Wrong when interdicting ships in harbors, bridges and such.
This has always been broken. Except when checking a submarine's
target: there it tested argument s, which is gross, but at least it
works. That code was added in v4.0.8.
Replace the broken test by the gross hack everywhere. This fixes news
and damage from land units when ships get interdicted in non-sea
sectors.
(cherry picked from commit 3e251b474f)
Commit 092a52f2 (v4.3.4) removed the code to estimate defense, because
the use of the estimate had been disabled since v4.0.0. This
accidentally removed the reporting of defending units, because
get_dlist() reported them when called for an estimate, and not when
called for real.
Fix by removing the unused estimate capability from get_dlist(). It
now reports defending units always.
(cherry picked from commit 64f44e9904)
Before s_commod() attempts to recursively supply a supply unit it
wants to use as supply source, it zaps the unit's load. When
actually_doit is false, it later restores the old load by overwriting
the change with a saved copy of the unit. That triggers a seqno
mismatch oops.
Avoid that by copying the new sequence number to the saved copy.
(cherry picked from commit aacd0fb754)
Change supply_commod() and try_supply_commod() not to call s_commod()
when zero units are wanted.
This isn't just for efficiency, it's also for limiting exposure to
supply bugs a bit.
(cherry picked from commit 7f17369491)
The value of diffx() had the wrong sign when the arguments differed by
WORLD_X / 2. Same for diffy() and WORLD_Y / 2. satmap() used them to
find the vector from map center to ship or land unit to put on the
map, and got incorrect values for ships and land units directly
opposite to the center in x or y. The bug made satmap() read a
pointer out bounds of its malloced radbuf[], and then write through
that with unpredictable consequences.
Broken in 4.2.12. The original bug was in Empire 1.1: it
miscalculated where to put ships on the map (no crash). An incomplete
fix for radmap() and satmap() appeared in Chainsaw 2 (still no crash).
radmap() got fixed correctly in Chainsaw 3, but satmap() was
forgotten. That one got "fixed" in 4.2.7, and again in 4.2.12, but
both "fixes" were flawed and could crash.
Fix by backing out the flawed fixes and adopting the fix from radmap()
instead.
(cherry picked from commit 0cc474bd6d)
Broken in commit 5f764285 (v4.3.12) for negative multiples of WORLD_X
and WORLD_Y, respectively.
This could theoretically lead to buffer overruns and other
unpleasantness. None have been reproduced, though.
(cherry picked from commit 7680acc39f)
load_land_ship() and load_land_land() automatically resupply the land
units they load. This can draw supplies from the sector where the
land units are. When load() and lload() later update the sector, they
wipe out the update made for drawing supplies, and we get a seqno
mismatch oops. Highly abusable.
navi() reads the ships into a list. When the ships get interdicted,
and lack flak shells, ac_shipflak() tries to get one and updates the
ship. When the ship in the list is later written back, e.g. to apply
interdiction damage, the flak shell is wiped out, and we get a seqno
mismatch oops.
Disable automatic flak shell supply in ac_ship_flak() for now. This
is related to commit f7d61817, which disabled automatic supply of
shells in ac_doflak() and shp_missile_defense().
Because supply_commod() updates supply sources it used, the caller
must not cache objects that could be supply sources across a supply
call. This is very easy to get wrong.
ac_doflak() supplies flak shells if the sector hasn't enough for its
guns. It caches the sector that receives them. If the sector has
some shells, but not enough, it supplies them to itself, causing it to
be updated from within supply_commod(). ac_doflak() then adds the
supplied shells to its cached sector, then writes that back. This
doubles shells already there, and triggers a a seqno mismatch oops.
shp_missile_defense() has similar problems, only for ships.
Disable ac_doflak() and shp_missile_defense() for now, to at least
reduce the oopsing to manageable levels.
Most likely other calls of supply_commod() are also wrong. Many of
them can't be just disabled, because supply is too relevant to
gameplay there.
Storing track in sectors is problematic, because we need to update
adjacent sectors when updating a sector in a way that changes its
capability to extend railway into its neighbors. This invalidates
cached adjacent sectors, and calling code may not be prepared for
that. Specifically, bridge building caches the bridge head, and
writes it back later, wiping out the track update.
Replace struct sctstr member sct_track by new sct_rail_track(). Make
selector track virtual. Remove the code to keep sct_track up-to-date:
set_railway(), update_railway().
Unfortunately, this causes cyclic dependencies between link libraries:
the virtual selector needs to be referenced from src/lib/global/nsc.c,
and it needs to reference stuff from src/lib/common/file.c. Hack
around it in Make.mk for now.
We don't want to starve tiny populations, because that would require
players to move trivial amounts of food after explore and such.
growfood() used to simply grow at least 1f when a sector was about to
starve. That food is almost never eaten by a tiny population, so we
effectively got some production without work. Fix by taking away that
free food after people ate, in do_feed().
This catches output dependency violations, e.g. two threads doing a
read-modify-write without synchronization.
New struct emptypedstr member seqno. Make sure all members of unit
empobj_storage share it. Set it in ef_blank() and ef_set_uid(), step
it in ef_write(). fairland and files don't use ef_set_uid(); need to
set it manually in files.c's main() and file_sct_init().
Factor do_read() out of fillcache() to make it available for
new get_seqno().
A sector type's terrain (struct dchrstr member d_terrain) is the
sector type of its underlying terrain. Sector types occuring in
d_terrain are terrain types, and must have their own type in
d_terrain. Players can change sector types only to those with the
same terrain.
The builtin configuration defines terrain types sea, mountain,
wasteland, wilderness and plains. It gives bridge span and tower
terrain sea, and everything else terrain wilderness. Hence, the stock
game remains unchanged.
Deities can use terrain to create sector types that can be developed
only in limited ways.
