buginator <buginator@...> commented

(In Warzone2100/warzone2100@1a6fb8a) Fix another memory clobbering issue. (dereferenced pointer)

Patch Author: Safety0ff
fixes #2300

Original detective work done by Ai_Tak (#1656)

Signed-off-by: buginator <buginator@>

Buginator changed _comment0 which not transferred by tractive

buginator <buginator@...> changed status from new to closed

buginator <buginator@...> changed resolution from `` to fixed

Buginator uploaded file val_no_fe.txt (1.4 KiB)

Buginator uploaded file val_with_fe.txt (2.0 KiB)

Buginator uploaded file val_wPatch_fe.txt (1.2 KiB)

Buginator uploaded file val_wPatch_sa_fe.txt (1.2 KiB)

Buginator uploaded file warzone2100.gdmp-DXGWAl.txt (9.9 KiB)

Buginator changed _comment0 which not transferred by tractive

buginator <buginator@...> commented

In Warzone2100/warzone2100@1a6fb8a:

#CommitTicketReference repository="" revision="1a6fb8a7547f23ce2bd7af153ac839cba999e2b0"
Fix another memory clobbering issue. (dereferenced pointer)

Patch Author: Safety0ff
fixes #2300

Original detective work done by Ai_Tak (#1656)

Signed-off-by: buginator <buginator@>

Buginator commented

The deal is, when you run normal valgrind, then you get val_no_fe.txt.
Notice the invalid reads.

When you set valgrind to fill the free()ed memory with 0xfe, (--fill-free=0xfe then you get val_with_fe.txt, and also the crash dump.

The final results are in val_wPatch_sa_fe.txt, and we don't have invalid reads anymore.

cybersphinx <chr.ohm@...> commented

(In Warzone2100/warzone2100@34112c9) Fix another memory clobbering issue. (dereferenced pointer)

Patch Author: Safety0ff
fixes #2300

Original detective work done by Ai_Tak (#1656)

Signed-off-by: buginator buginator@gna.org
(cherry picked from commit 1a6fb8a7547f23ce2bd7af153ac839cba999e2b0)

cybersphinx <chr.ohm@...> commented

In Warzone2100/warzone2100@34112c9:

#CommitTicketReference repository="" revision="34112c9e2bb5da22eac9e4a5ecb71229b6df07d2"
Fix another memory clobbering issue. (dereferenced pointer)

Patch Author: Safety0ff
fixes #2300

Original detective work done by Ai_Tak (#1656)

Signed-off-by: buginator <buginator@gna.org>
(cherry picked from commit 1a6fb8a7547f23ce2bd7af153ac839cba999e2b0)

Safety0ff commented

I don't really consider this "fixed", I've been looking at that part of the code lately and understanding it more and more.

This type of error likely only occurs when a Callback event uses the setTrigger function, but there could potentialy be other ways for setTrigger calls to mess things up.

Anyways, I'm sure that deferred deletion would solve this and it will also handle the case where multiple events are triggered and one calls setTrigger for one of those other events.

I'd rather this not be "swept under the rug".