* don't take ownership of sDefaultDesignTemplate.pName as it triggers double free()s
* ASSERT on a condition that __will__ cause a double free() * Only assign &sDefaultDesignTemplate to pTemplate if we're sure we can use it git-svn-id: svn+ssh://svn.gna.org/svn/warzone/trunk@4400 4a71c877-e1ca-e34f-864e-861f7616d084master
parent
c90b50b75c
commit
c3fcd4bf33
|
@ -470,6 +470,7 @@ static BOOL _intAddDesign( BOOL bShowCentreScreen )
|
|||
else
|
||||
{
|
||||
memcpy(&sCurrDesign, &sDefaultDesignTemplate, sizeof(DROID_TEMPLATE));
|
||||
sCurrDesign.pName = NULL;
|
||||
strlcpy(aCurrName, _("New Vehicle"), sizeof(aCurrName));
|
||||
strlcpy(sCurrDesign.aName, aCurrName, sizeof(sCurrDesign.aName));
|
||||
}
|
||||
|
@ -3455,6 +3456,7 @@ static void desCreateDefaultTemplate( void )
|
|||
{
|
||||
/* set current design to default */
|
||||
memcpy( &sCurrDesign, &sDefaultDesignTemplate, sizeof(DROID_TEMPLATE) );
|
||||
sCurrDesign.pName = NULL;
|
||||
|
||||
/* reset stats */
|
||||
intSetDesignStats(&sCurrDesign);
|
||||
|
|
14
src/droid.c
14
src/droid.c
|
@ -2489,6 +2489,10 @@ BOOL loadDroidTemplates(const char *pDroidData, UDWORD bufferSize)
|
|||
*/
|
||||
if ( pDroidDesign->droidType == DROID_DEFAULT )
|
||||
{
|
||||
// NOTE: sDefaultDesignTemplate.pName takes ownership
|
||||
// of the memory allocated to pDroidDesign->pName
|
||||
// here. Which is good because pDroidDesign leaves
|
||||
// scope here anyway.
|
||||
memcpy( &sDefaultDesignTemplate, pDroidDesign, sizeof(DROID_TEMPLATE) );
|
||||
free(pDroidDesign);
|
||||
}
|
||||
|
@ -2500,7 +2504,6 @@ BOOL loadDroidTemplates(const char *pDroidData, UDWORD bufferSize)
|
|||
|
||||
//increment the pointer to the start of the next record
|
||||
pDroidData = strchr(pDroidData,'\n') + 1;
|
||||
pDroidDesign++;
|
||||
}
|
||||
|
||||
if ( bDefaultTemplateFound == false )
|
||||
|
@ -2676,9 +2679,12 @@ BOOL loadDroidWeapons(const char *pWeaponData, UDWORD bufferSize)
|
|||
|
||||
/* if Template not found - try default design */
|
||||
if (!pTemplate)
|
||||
{
|
||||
if (strcmp(TemplateName, sDefaultDesignTemplate.pName) == 0)
|
||||
{
|
||||
pTemplate = &sDefaultDesignTemplate;
|
||||
if ( strcmp(TemplateName, pTemplate->pName) != 0 )
|
||||
}
|
||||
else
|
||||
{
|
||||
debug( LOG_ERROR, "Unable to find Template - %s", TemplateName );
|
||||
abort();
|
||||
|
@ -2759,10 +2765,10 @@ BOOL droidTemplateShutDown(void)
|
|||
{
|
||||
DROID_TEMPLATE *pTemplate, *pNext;
|
||||
|
||||
for(pTemplate = apsDroidTemplates[player]; pTemplate != NULL;
|
||||
pTemplate = pNext)
|
||||
for (pTemplate = apsDroidTemplates[player]; pTemplate != NULL; pTemplate = pNext)
|
||||
{
|
||||
pNext = pTemplate->psNext;
|
||||
ASSERT(sDefaultDesignTemplate.pName != pTemplate->pName, "We'll soon be getting a double free()!!!");
|
||||
if (pTemplate->pName != sDefaultDesignTemplate.pName)
|
||||
{
|
||||
free(pTemplate->pName);
|
||||
|
|
Loading…
Reference in New Issue