Re: Memory corruption in file_to_string and file_to_string_alloc?

From: Mike Breuer (mbreuer@new.rr.com)
Date: 11/13/01


----- Original Message -----
From: "Artovil" <artovil@ARCANEREALMS.ORG>


> ....I noticed that the mud SIGSEGV's when I view a text
> file in the mud, and then reload any of the textfiles.
>
>  > credits
> ...
>  > reload imotd
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x808ba15 in file_to_string_alloc (name=0x80f85bf "text/credits",
> buf=0x81164bc) at db.c:3238
> 3238        if (in_use->showstr_vector && *in_use->showstr_vector == *buf)

Looks like a bug to me alright.  Most places in the code use showstr_count
to determine whether showstr_vector is valid.  So if you want to be
consistent, change the above line to:

    if (in_use->showstr_count && *in_use->showstr_vector == *buf)

Personally, I don't like keeping around pointers to memory that is no longer
valid, and I think that a better fix would be in show_string(..) (modify.c):

  /* Q is for quit. :) */
  if (LOWER(*buf) == 'q') {
    free(d->showstr_vector);
+   d->showstr_vector = NULL;
    d->showstr_count = 0;

and further down:

  /* If we're displaying the last page, just send it to the character, and
   * then free up the space we used.
   */
  if (d->showstr_page + 1 >= d->showstr_count) {
    send_to_char(d->showstr_vector[d->showstr_page], d->character);
    free(d->showstr_vector);
+   d->showstr_vector = NULL;
    d->showstr_count = 0;
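Review bot: the free / NULL / count-reset sequence is now duplicated in the 'q' branch and in the last-page branch; pulling those three lines into one small release helper would keep the two sites from drifting apart, which is the same kind of mismatch (showstr_count vs. showstr_vector as the "is paging" flag) that the thread is about. Note also that the test at db.c:3238 still dereferences `*in_use->showstr_vector`, so the `d->showstr_vector = NULL;` lines only make it safe if every place that frees `d->showstr_vector` clears it too; any other free site would need the same treatment.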

This would make the test in file_to_string_alloc(..) valid, though it should
probably still change for consistency.

Mike
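As an added illustration (not CircleMUD's code and not part of Mike's message), here is a minimal pager with the same three descriptor fields the thread discusses, plus a reload that mirrors the db.c test. The function names are invented for the example, and the reload refusing while someone is still paging the old buffer is an assumed policy, not something the thread states.

```c
/* Added example, not CircleMUD's own code: a small pager showing why the
 * freed vector must be cleared before a text buffer is reloaded. */
#include <stdlib.h>
#include <string.h>
struct descriptor {
    char **showstr_vector;  /* page start pointers into the paged text */
    int    showstr_count;   /* number of pages; 0 means "not paging" */
    int    showstr_page;
};
/* Page `text` in place (no copy), one page per `page_lines` newlines.
 * Returns the page count. */
int pager_start(struct descriptor *d, char *text, int page_lines)
{
    int lines = 0, pages, pg = 1, ln = 0;
    for (char *p = text; *p; p++) if (*p == '\n') lines++;
    pages = (lines + page_lines - 1) / page_lines;
    if (pages < 1) pages = 1;
    d->showstr_vector = calloc(pages, sizeof(char *));
    d->showstr_vector[0] = text;
    for (char *p = text; *p && pg < pages; p++)
        if (*p == '\n' && ++ln % page_lines == 0) d->showstr_vector[pg++] = p + 1;
    d->showstr_count = pages;
    d->showstr_page = 0;
    return pages;
}
/* The thread's fix: free AND clear, so no later test dereferences a dead vector. */
void pager_release(struct descriptor *d)
{
    free(d->showstr_vector);
    d->showstr_vector = NULL;
    d->showstr_count = 0;
}
/* Guarded form of the db.c:3238 test: check the count first, tolerate NULL. */
int pager_is_showing(const struct descriptor *d, char *const *buf)
{
    return d->showstr_count > 0 && d->showstr_vector != NULL
        && d->showstr_vector[0] == *buf;
}
/* Replace *buf with newtext. Assumed policy: refuse (-1) while any
 * descriptor is still paging the old buffer, otherwise free and return 0. */
int reload_text(struct descriptor *descs, int n, char **buf, const char *newtext)
{
    for (int i = 0; i < n; i++)
        if (pager_is_showing(&descs[i], buf)) return -1;
    free(*buf);
    *buf = malloc(strlen(newtext) + 1);
    strcpy(*buf, newtext);
    return 0;
}
```

Without the NULL assignment in pager_release, a stale vector whose first entry still equals the old buffer would pass the unguarded db.c test and be dereferenced after free(), which is the SIGSEGV from the original report.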

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   +---------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/06/01 PST