Hi,
I have been poking around inside the latest CVS source
files, and have found what I believe to be two rogue
pointers. In mgame.cpp the functions
Game::increase_latency()
Game::decrease_latency()
both contain the following:
void Game::??_latency(int n)
{
    // make sure both have identical lag !!
    // to keep games synchronized (and to aid in pushing
    // synched fake data ???)
    share(-1, &n);
Note that this is calling share() with a pointer to a
stack variable n. This then calls share_buffer(),
passing the same pointer and assigning it as follows:
    share_address[Nshare] = value;
Thus, share_address[Nshare] now contains a pointer to
the stack. The stack unwinds beyond Game::??_latency(),
leaving the rogue pointer.
This pointer is later used when share_update() is
called from NormalGame::choose_new_ships(). This is
the stack dump that causes the problem. The void *
pointer passed to unbuffer() is the address on the
stack that was passed to share().
twwin_DEBUG.exe!Log::_unlog(int channel=0x00000004, void * data=0x0012f5ec, int size=0x00000004) Line 271 C++
twwin_DEBUG.exe!Log::unbuffer(int channel=0x00000004, void * data=0x0012f5ec, int size=0x00000004) Line 387 + 0x19 C++
twwin_DEBUG.exe!Log::unbuffer(int channel=0x00000004, void * data=0x0012f5ec, int size=0x00000004) Line 387 + 0x19 C++
twwin_DEBUG.exe!share_update() Line 617 + 0x3f C++
twwin_DEBUG.exe!NormalGame::choose_new_ships() Line 948 C++
twwin_DEBUG.exe!NormalGame::calculate() Line 431 + 0x10 C++
twwin_DEBUG.exe!Game::play() Line 919 + 0xd C++
twwin_DEBUG.exe!play_game(const char * _gametype_name=0x00a11124, Log * _log=0x0466fea0) Line 1358 + 0x16 C++
twwin_DEBUG.exe!play_single(const char * _gametype_name=0x00a11124, Log * _log=0x0466fea0) Line 1291 + 0xd C++
twwin_DEBUG.exe!MainMenu::doit() Line 1515 + 0xc C++
twwin_DEBUG.exe!tw_main(int argc=0x00000001, char * * argv=0x002f4330) Line 1776 C++
twwin_DEBUG.exe!_mangled_main(int argc=0x00000001, char * * argv=0x002f4330) Line 1603 + 0xd C++
An obvious patch for this is something like:
static int inc_lag_share;
void Game::increase_latency(int n)
{
    inc_lag_share = n;
    share(-1, &inc_lag_share);
    ...
}
But obviously without understanding what share() is
attempting to do, I don't know whether this would work
or even if it is valid. :-)
Modified mgame.cpp to fix the rogue pointer using the method described.
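
The lifetime problem described in the report, as an added example that is not part of the original report or the project's code. share_later(), flush_shares(), discard_shares() and current_lag() are hypothetical stand-ins for share()/share_update(), and the model assumes the deferred step writes through the stored pointer.

```cpp
// Added illustration. share_later(), flush_shares() and discard_shares() are
// hypothetical stand-ins for the report's share()/share_update(); the model
// assumes the deferred step writes through the stored pointer.
#include <cstddef>
#include <cstring>

static void*       share_address[16];  // destinations recorded for later
static std::size_t share_size[16];
static int         Nshare = 0;

// Records the pointer only; nothing is read or written yet.
void share_later(void* value, std::size_t size) {
    if (Nshare >= 16) return;          // table full: drop the request
    share_address[Nshare] = value;
    share_size[Nshare] = size;
    ++Nshare;
}

// Runs later from an unrelated call stack and writes through every pointer.
void flush_shares(const void* incoming) {
    for (int i = 0; i < Nshare; ++i)
        std::memcpy(share_address[i], incoming, share_size[i]);
    Nshare = 0;
}

void discard_shares() { Nshare = 0; }

// Pattern from the report: &n points into this call's stack frame.
void increase_latency_buggy(int n) {
    share_later(&n, sizeof n);
}   // n dies here, but share_address[] still holds its address

// Fix from the report: the destination has static storage duration.
static int inc_lag_share;
void increase_latency_fixed(int n) {
    inc_lag_share = n;
    share_later(&inc_lag_share, sizeof inc_lag_share);
}

int current_lag() { return inc_lag_share; }

int main() {
    increase_latency_buggy(3);
    discard_shares();            // flushing here would write into a dead frame
    increase_latency_fixed(3);
    int from_peer = 5;           // constructed sample value
    flush_shares(&from_peer);    // lands in inc_lag_share, which is still alive
    return current_lag() == 5 ? 0 : 1;
}
```

In this model a single static is safe only while one registration per function is pending; a second call before the flush overwrites the value the first call stored.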