Hi all,

I looked a bit into this crash and see that it's because we end up accessing uninitialized data. The code in question is in function run_farm() in flood_farm.c. When no usefarmer entries exist, we end up allocating a two-element array that looks like this:

    [0] uninitialized
    [1] NULL

There's code in run_farm() that effectively does this:

    if we found no usefarmers, set count = 1
    allocate an array of count + 1 elements to hold the names

We'll end up referencing that 0'th element as though it's valid---which it is not.

It seems like we should abort with an error if we find no usefarmers specified. But the code keeps going. It's not clear what the intent is with allowing the code to proceed. I'll defer any further analysis to someone who's more familiar with this part of flood. Maybe this analysis thus far is of some help to someone.

Here's the smallest test-case XML configuration file that triggers the crash:

    <flood>
      <farm>
        <name>Bingo</name>
      </farm>
    </flood>
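
The allocation pattern described in the message beside a checked variant, as an added C example that is not flood's source and not part of the original message. The function names, signatures and sample farmer names are hypothetical; the checked variant assumes the "abort with an error" behaviour the message suggests.

```c
#include <stdio.h>
#include <stdlib.h>

/* Pattern as described in the message (hypothetical, not flood's source):
 * with no entries, count is forced to 1, so slot 0 is allocated but never written. */
const char **names_as_described(const char *const *found, size_t n)
{
    size_t count = n ? n : 1;
    const char **names = malloc((count + 1) * sizeof *names);
    if (names == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        names[i] = found[i];
    names[count] = NULL;          /* only the terminator is set when n == 0 */
    return names;                 /* names[0] is indeterminate when n == 0 */
}

/* Checked variant: refuse an empty list, write every slot before returning.
 * Returns 0 on success, -1 on an empty list or allocation failure. */
int names_checked(const char *const *found, size_t n, const char ***out)
{
    *out = NULL;
    if (n == 0) {
        fprintf(stderr, "farm has no usefarmer entries\n");
        return -1;
    }
    const char **names = malloc((n + 1) * sizeof *names);
    if (names == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        names[i] = found[i];
    names[n] = NULL;
    *out = names;
    return 0;
}

int main(void)
{
    const char *const found[] = { "Joe", "Ann" };   /* constructed sample names */
    const char **names;
    if (names_checked(found, 2, &names) == 0) {
        for (size_t i = 0; names[i] != NULL; i++)
            printf("farmer: %s\n", names[i]);
        free(names);
    }
    /* the empty case must be rejected rather than handed on */
    return names_checked(NULL, 0, &names) == -1 ? 0 : 1;
}
```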