[ bzflag-Bugs-412719 ] bzfs crashes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bugs item #412719, was updated on 2001-03-31 09:47
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103248&aid=412719&group_id=3248

Category: None
Group: None
Status: Open
Priority: 5
Submitted By: Frank Thilo (chestal)
Assigned to: Nobody/Anonymous (nobody)
Summary: bzfs crashes

Initial Comment:
bzfs crashes about once a day for me. This in on an
Intel P75 Debian Linux with kernel 2.2.18. It dumps
core with a segmentation violation. I did a post mortem
debugging with gdb on several occassions. At least
twice I found out the following:

call stack:

#0  0x400ce9b7 in free () from /lib/libc.so.6
#1  0x40043624 in __builtin_vec_delete () from
/usr/lib/libstdc++-libc6.1-2.so.3
#2  0x8054ab1 in removePlayer (playerIndex=6) at
bzfs.cxx:3251
#3  0x804c7c3 in prealwrite (playerIndex=6,
b=0xccce0400, l=33556224) at bzfs.cxx:1191
#4  0x804c862 in pflush (playerIndex=6) at bzfs.cxx:1205
#5  0x805d126 in main (argc=28, argv=0xbffffa84) at
bzfs.cxx:5287

It crashes in removePlayer() when performing

    delete[] player[playerIndex].outmsg;

The outmsg pointer points to non-allocated memory.
Actualy, that is the reason, why prealwrite fails wehen
calling send (EFAULT) and tries to remove the player.

Has anyone else experienced this? bzfs should produce
the following diagnostic output before crashing:

error on write: Bad address
player is 6 (deckard)

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103248&aid=412719&group_id=3248