Hi all,

I looked a bit into this crash and see that it's because we end
up accessing uninitialized data.  The code in question is in function
run_farm() in flood_farm.c.  When no usefarmer entries exist, we end up
allocating a two-element array that looks like this:
  [0] uninitialized
  [1] NULL
There's code in run_farm() that effectively does this:
  if we found no usefarmers, set count = 1
  allocate an array of count + 1 elements to hold the names
We'll end up referencing that 0'th element as though it's
valid---which it is not.

It seems like we should abort with an error if we find no usefarmers
specified.  But the code keeps going.  It's not clear what the intent
is with allowing the code to proceed.  I'll defer any further analysis
to someone who's more familiar with this part of flood.  Maybe this
analysis thus far is of some help to someone.

Here's the smallest test-case XML configuration file that
triggers the crash:

<flood>
  <farm>
    <name>Bingo</name>
  </farm>
</flood>
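The allocation pattern described in the post, reconstructed as an added C example (this is not flood's own code; the farm_cfg_t structure and the function names are assumptions). The first function mirrors the shape that leaves slot 0 uninitialized; the second rejects an empty farm and leaves no slot unset:

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a parsed <farm> element and its <usefarmer>
 * children. Assumption for this example, not flood's real structures. */
typedef struct {
    const char *farm_name;
    const char **usefarmers;   /* names taken from <usefarmer> children */
    size_t n_usefarmers;
} farm_cfg_t;

/* Same shape as the post describes: with zero usefarmers, count is forced
 * to 1, count + 1 slots are allocated, and slot 0 is never written, so a
 * caller walking the array reads an uninitialized pointer. */
static const char **build_names_buggy(const farm_cfg_t *cfg)
{
    size_t count = cfg->n_usefarmers;
    if (count == 0)
        count = 1;                       /* intent unclear, per the post */
    const char **names = malloc((count + 1) * sizeof *names);
    if (!names)
        return NULL;
    for (size_t i = 0; i < cfg->n_usefarmers; i++)
        names[i] = cfg->usefarmers[i];   /* loop body never runs when n == 0 */
    names[count] = NULL;                 /* only the terminator is set */
    return names;
}

/* Hardened form: an empty <farm> is a configuration error, so report it
 * instead of fabricating a slot; calloc() also guarantees every slot,
 * including the NULL terminator, starts out initialized. */
static const char **build_names_checked(const farm_cfg_t *cfg, const char **err)
{
    if (cfg->n_usefarmers == 0) {
        *err = "farm has no <usefarmer> entries";
        return NULL;
    }
    const char **names = calloc(cfg->n_usefarmers + 1, sizeof *names);
    if (!names) {
        *err = "out of memory";
        return NULL;
    }
    memcpy(names, cfg->usefarmers, cfg->n_usefarmers * sizeof *names);
    *err = NULL;
    return names;   /* names[n_usefarmers] is NULL courtesy of calloc */
}
```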
