Re: [bug] bpl21 boards

From: Russell Ryan (rjwr10@hotmail.com)
Date: 09/22/02


> See this is the exact same thing, just different message to free that gg
> replied to as not crashing for him and just threw it in the trash. I tried
> see if I could fix it. I failed. Shouldn't have taken more than a tops of
> half a dozen hours, but I gave up after a half hour. Went back another
day,
> gave up again. And I threw it in the trash as well. Wasn't too important
> except it crashes the mud when it goes down.
>
> >From: Russell Ryan <rjwr10@HOTMAIL.COM>
 I wrote a message on the immortal
> >board (regular message, ie not blank etc.) and then removed it, I
shutdown
> >the mud and got an assertion failure in dbgheap.c, backtraced to free()
> >then to Board_clear_board() called by Board_clear_all.
> >
> >heres the bit of code where it crashes
*snip*

Yeah I wrote that email a while ago, the problem came back and I fixed it
again, but I think I found the real reason it was happening, not just a
quick fix like the last one. Heres what I did:
In boards.c: in Board_remove_msg( ... )
After all the checks are made to see if this person has permission to remove
the message etc. It actually removes it from its position in the board
message array, It then moves all the messages that come after the removed
message up one spot in the board array to close up the space. This is the
loop that performs that:
  for (; ind < num_of_msgs[board_type] - 1; ind++) {
     MSG_HEADING(board_type, ind) = MSG_HEADING(board_type, ind + 1);
+   MSG_HEADING(board_type, ind+1) = NULL;
     MSG_SLOTNUM(board_type, ind) = MSG_SLOTNUM(board_type, ind + 1);
+   MSG_SLOTNUM(board_type, ind + 1) = -1;
     MSG_LEVEL(board_type, ind) = MSG_LEVEL(board_type, ind + 1);
+   MSG_LEVEL(board_type, ind + 1) = 0;
  }

you can see the lines I added prefixed with a +
Before these lines were added, it would move all the messages up one spot to
fill the spot created by removing the message. The problem was that when it
moved the last message up, it left the pointers and data from the previous
message in the very last message as well as the message it was moved up
from. When the mud quits, it frees up all the boards. When it free'd the
first instance of the last message, then the pointers in the second instance
pointed to invalid data, which the loop would free after that, causing the
assertion failure. What I did was set the data and pointers to null as it
copied all that to the previous message so we wouldn't end up with invalid
data on the last message.

hope this helps someone,
rj

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 06/25/03 PDT