From c3fcd4bf338ae3e5c74c9d85a1c8f087c3fd022d Mon Sep 17 00:00:00 2001
From: Giel van Schijndel
Date: Fri, 28 Mar 2008 21:32:34 +0000
Subject: [PATCH] * don't take ownership of sDefaultDesignTemplate.pName as it triggers double free()s
* ASSERT on a condition that __will__ cause a double free()
* Only assign &sDefaultDesignTemplate to pTemplate if we're sure we can use it
git-svn-id: svn+ssh://svn.gna.org/svn/warzone/trunk@4400 4a71c877-e1ca-e34f-864e-861f7616d084
---
 src/design.c | 2 ++
 src/droid.c | 16 +++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/design.c b/src/design.c
index 142f3f942..7724cf140 100644
--- a/src/design.c
+++ b/src/design.c
@@ -470,6 +470,7 @@ static BOOL _intAddDesign( BOOL bShowCentreScreen )
 else
 {
 memcpy(&sCurrDesign, &sDefaultDesignTemplate, sizeof(DROID_TEMPLATE));
+ sCurrDesign.pName = NULL;
 strlcpy(aCurrName, _("New Vehicle"), sizeof(aCurrName));
 strlcpy(sCurrDesign.aName, aCurrName, sizeof(sCurrDesign.aName));
 }
@@ -3455,6 +3456,7 @@ static void desCreateDefaultTemplate( void )
 {
 /* set current design to default */
 memcpy( &sCurrDesign, &sDefaultDesignTemplate, sizeof(DROID_TEMPLATE) );
+ sCurrDesign.pName = NULL;
 /* reset stats */
 intSetDesignStats(&sCurrDesign);
diff --git a/src/droid.c b/src/droid.c
index f30f5beff..51730708c 100644
--- a/src/droid.c
+++ b/src/droid.c
@@ -2489,6 +2489,10 @@ BOOL loadDroidTemplates(const char *pDroidData, UDWORD bufferSize)
 */
 if ( pDroidDesign->droidType == DROID_DEFAULT )
 {
+ // NOTE: sDefaultDesignTemplate.pName takes ownership
+ // of the memory allocated to pDroidDesign->pName
+ // here. Which is good because pDroidDesign leaves
+ // scope here anyway.
 memcpy( &sDefaultDesignTemplate, pDroidDesign, sizeof(DROID_TEMPLATE) );
 free(pDroidDesign);
 }
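Review bot: The new `sCurrDesign.pName = NULL;` in the _intAddDesign hunk carries no explanation, and the identical copy-then-null sequence is repeated in the desCreateDefaultTemplate hunk, so a third copy of sDefaultDesignTemplate that forgets the reset would reintroduce the double free this commit fixes. I'd put a comment on the reset, `/* sDefaultDesignTemplate owns pName; a copy must not share it or droidTemplateShutDown() frees it twice */`, and consider folding both sites into one small helper so the invariant lives in one place. Any code that reads sCurrDesign.pName after these copies must now tolerate NULL, and the memcpy overwrites whatever sCurrDesign.pName held before, so if sCurrDesign ever owned a heap-allocated name it is leaked here (not visible from this hunk). Both enclosing functions continue outside the hunk.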
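Review bot: The memcpy into sDefaultDesignTemplate is unconditional, so if the data contains a second DROID_DEFAULT record the pName handed over by the first one is overwritten and leaked; the new NOTE comment describes the handover but not this case. Since the loop already tracks a bDefaultTemplateFound flag (it is checked after the loop in the next hunk), the branch could release the earlier name first, e.g. `if (bDefaultTemplateFound) { free(sDefaultDesignTemplate.pName); }` before the memcpy, assuming the flag is set in this branch, which I cannot see here. The same ownership also means sDefaultDesignTemplate.pName needs a matching free at shutdown; droidTemplateShutDown deliberately skips it in the last hunk, so unless it is released elsewhere the buffer is leaked at exit. The enclosing loop body starts before the hunk.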
@@ -2500,7 +2504,6 @@ BOOL loadDroidTemplates(const char *pDroidData, UDWORD bufferSize)
 //increment the pointer to the start of the next record
 pDroidData = strchr(pDroidData,'\n') + 1;
- pDroidDesign++;
 }
 if ( bDefaultTemplateFound == false )
@@ -2677,8 +2680,11 @@ BOOL loadDroidWeapons(const char *pWeaponData, UDWORD bufferSize)
 /* if Template not found - try default design */
 if (!pTemplate)
 {
- pTemplate = &sDefaultDesignTemplate;
- if ( strcmp(TemplateName, pTemplate->pName) != 0 )
+ if (strcmp(TemplateName, sDefaultDesignTemplate.pName) == 0)
+ {
+ pTemplate = &sDefaultDesignTemplate;
+ }
+ else
 {
 debug( LOG_ERROR, "Unable to find Template - %s", TemplateName );
 abort();
@@ -2759,10 +2765,10 @@ BOOL droidTemplateShutDown(void)
 {
 DROID_TEMPLATE *pTemplate, *pNext;
- for(pTemplate = apsDroidTemplates[player]; pTemplate != NULL;
- pTemplate = pNext)
+ for (pTemplate = apsDroidTemplates[player]; pTemplate != NULL; pTemplate = pNext)
 {
 pNext = pTemplate->psNext;
+ ASSERT(sDefaultDesignTemplate.pName != pTemplate->pName, "We'll soon be getting a double free()!!!");
 if (pTemplate->pName != sDefaultDesignTemplate.pName)
 {
 free(pTemplate->pName);
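Review bot: The new `strcmp(TemplateName, sDefaultDesignTemplate.pName)` in loadDroidWeapons dereferences sDefaultDesignTemplate.pName without checking it, and a static DROID_TEMPLATE that was never filled in (no DROID_DEFAULT record, or this function reached before loadDroidTemplates) has a NULL pName, which makes the strcmp undefined behaviour instead of the intended error path. I'd guard it, `if (sDefaultDesignTemplate.pName != NULL && strcmp(TemplateName, sDefaultDesignTemplate.pName) == 0)`, so a missing default still reaches the debug()/abort() branch with a useful message. Whether the bDefaultTemplateFound check in the previous hunk already aborts loading in that case is not visible here. loadDroidWeapons continues outside the hunk.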
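Review bot: In the droidTemplateShutDown hunk the new ASSERT and the `if (pTemplate->pName != sDefaultDesignTemplate.pName)` on the next line test the same condition, so the assertion documents an invariant the code already defends; if ASSERT is compiled out or non-fatal in release builds the if remains the real guard, which is fine, but the message should name the violated invariant rather than predict a crash. Something like `ASSERT(sDefaultDesignTemplate.pName != pTemplate->pName, "template shares its pName with sDefaultDesignTemplate; copies must own their own name");` tells the reader what went wrong upstream. The per-player loop body continues outside the hunk.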