URL: <http://gna.org/bugs/?17672>
Summary: "/set rare X", "/set situational X" etc crash server
Project: Freeciv
Submitted by: jtn
Submitted on: Tue Feb 8 01:27:59 2011
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release: 2.2.4,2.3.0-beta3
Discussion Lock: Any
Operating System: None
Planned Release:

_______________________________________________________

Details:

Noticed while reading code:

server/stdinhand.c:set_command() calls lookup_option(). lookup_option() checks the names of option groups before checking individual option names, and if it finds a match, returns the magic number -3. Unfortunately, the caller (set_command()) doesn't check for -3 (only -1 and -2).

On S2_2 this causes an assertion failure in setting_by_number(). On S2_3/trunk, the assertion has been removed, so the server segfaults a bit later on. (I think S2_1 also does the wrong thing.)

Additionally, on S2_3/trunk only, lookup_option() checks for the specific string 'rulesetdir', and returns -4 (again unhandled) if it finds it, so "/set rulesetdir X" kills the server too.

I think these special behaviours in lookup_option() are primarily for the use of '/show', and their bad effects on '/set' are a side effect.

These crashes can be provoked by anyone with 'basic' or higher access to the server.
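The pattern described in this report, as an added example (not Freeciv's code): a lookup that returns several negative sentinel codes, the caller check that rejects only -1 and -2, and a caller that rejects every out-of-range result. All identifiers, the sample tables, the prefix matching and the meanings given to -1 and -2 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed tables; names and the meanings of -1/-2 are assumptions, not Freeciv's. */
struct setting { const char *name; int value; };
static struct setting settings[] = { {"timeout", 0}, {"maxplayers", 30}, {"minplayers", 1} };
static const char *groups[] = { "rare", "situational" };
#define N_SETTINGS ((int)(sizeof settings / sizeof settings[0]))
#define N_GROUPS ((int)(sizeof groups / sizeof groups[0]))
enum { LOOKUP_NONE = -1, LOOKUP_AMBIGUOUS = -2, LOOKUP_GROUP = -3, LOOKUP_SPECIAL = -4 };

/* Returns a setting index (>= 0) or one of the negative codes above. */
static int lookup(const char *name)
{
    size_t len = strlen(name);
    int i, found = LOOKUP_NONE;
    for (i = 0; i < N_GROUPS; i++)
        if (strcmp(name, groups[i]) == 0) return LOOKUP_GROUP;
    if (strcmp(name, "rulesetdir") == 0) return LOOKUP_SPECIAL;
    for (i = 0; i < N_SETTINGS; i++) {
        if (strncmp(name, settings[i].name, len) != 0) continue;
        if (found >= 0) return LOOKUP_AMBIGUOUS;   /* second prefix match */
        found = i;
    }
    return found;
}

/* Caller check as described in the report: only -1 and -2 are rejected,
 * so -3 and -4 pass and would go on to be used as an array index. */
static int narrow_check_passes(int id)
{
    return id != LOOKUP_NONE && id != LOOKUP_AMBIGUOUS;
}

/* Hardened caller: a range check rejects every code, known or future.
 * Returns 0 on success, otherwise the negative lookup code. */
static int set_value(const char *name, int value)
{
    int id = lookup(name);
    if (id < 0 || id >= N_SETTINGS) return id < 0 ? id : LOOKUP_NONE;
    settings[id].value = value;
    return 0;
}

int main(void)
{
    printf("narrow check lets 'rare' through: %d\n", narrow_check_passes(lookup("rare")));
    printf("hardened set 'rare': %d\n", set_value("rare", 5));
    return 0;
}
```

The range check in set_value() does not depend on the caller knowing which sentinel codes the lookup currently defines, which is the property the -1/-2 comparison lacks.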