Date: Fri, 01 Nov 2002 04:01:56 +0000 (GMT)
From: Daniel Flickinger <attila@hun.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: FreeBSD-Ports <ports@freebsd.org>, FreeBSD 5.0-CURRENT <current@freebsd.org>
Subject: Re: xshisen crashes on load with free() error junk pointer
Message-ID: <20021101040156.IouQ17192@hun.org>
In-Reply-To: <20021026034415.GA92923@xor.obsecurity.org>
References: <20021025030922.Fcv93171@hun.org>
Sent: Fri, 25 Oct 2002 20:44:15 -0700
+ On Fri, Oct 25, 2002 at 03:09:22AM +0000, Daniel Flickinger wrote:
+ > OS: 5.0 CURRENT date 24 Oct 2002 1200 GMT
+ > port cvsup date 23 Oct 2002 1800 GMT
+ >
+ > build is OK although it requires X to be running as root
+ > to install.
+ >
+ > crash and burn message:
+ >
+ > xshisen in free(): error: junk pointer, too high to make sense
+ >
+ > I had been running a 1996 linux copy from the JA host as this
+ > bad free() pointer has been around for some time.
+
+ This is a bug in the software: you should discuss it with the authors.

No, the code runs on Win$lop, Linux, and HP-UX; it was
never supported by the author on FreeBSD. The port has
not been valid for most of the 5.0-CURRENT cycle;
however, the newer version (from 1999 -- 1.51) compiled
directly and ran until a 5.0-CURRENT change in, I think,
Dec 2001.

The Linux 1.51 version ran correctly until I flushed and
rebuilt _everything_ to get rid of stale libraries,
binaries, whatever, on 07 Oct. I probably had Linux
libraries from 1.x which are now history.

The 1.51 version obviates the myriad of patches required
for the 1.3x version (1.51 defaults to English). The
1.3x port does not currently build.

The changes to gcc apparently trigger the 'delete[] p'
calls in line 257 to blow up in free for lack of a
pointer.

I don't believe the author is willing to support
FreeBSD; I have written him in the past without
response, but will do so again (masaoki@techfirm.co.jp).

I freely admit that I do not grok C++; I have avoided
C++ since Bjarne foisted it on the world 20 years ago
--I told Bjarne in a Usenix forum once that C++ was
"supposedly reusable code for disposable programmers"
(tact is not one of my strong points). Any language in
which you need to think defeats the point of programming
(let alone the C++ issues of garbage collection).
Assembly and its shorthand, C, can do anything....

Of all the thousands of games out there, xshisen is the
only one which interests me. In the larger boards, you
need to think as many as 100 moves ahead --without the
frustration of chess since there is no opponent. It's a
great de-tensioner after bouts of obsessive-compulsive
programming.

Bottom line, without learning C++, for which I am too
old and too stubborn, I have no idea where to proceed after
running a gdb backtrace on the crash --it follows.

If you want a copy of xshisen 1.51 it's at:

    http://hun.org/xshisen-1.51.tar.gz

Enjoy...

attila out!

______________________________________________________________
xshisen 1.51 killed by SIGABRT
the program has opened the screen and 4 empty buttons appear in the
top left corner
backtrace from gdb:
#0 0x282f7043 in kill () from /usr/lib/libc.so.5
#1 0x2834fc12 in abort () from /usr/lib/libc.so.5
#2 0x2834e689 in tcflow () from /usr/lib/libc.so.5
#3 0x2834e6b2 in tcflow () from /usr/lib/libc.so.5
#4 0x2834effa in tcflow () from /usr/lib/libc.so.5
#5 0x2834f215 in free () from /usr/lib/libc.so.5
#6 0x28280b5b in operator delete(void*) () from /usr/lib/libstdc++.so.4
#7 0x28280b2f in operator delete[](void*) () from /usr/lib/libstdc++.so.4
#8 0x0804cbd8 in Body::refreshhint() (this=0x8074000) at body.C:235
#9 0x0804c71c in Body::reset(int) (this=0x8074000, value=3) at body.C:176
#10 0x0804d2ca in Body::Sort() (this=0x8074000) at body.C:433
#11 0x080525b5 in SetGameStart() () at gamesize.C:51
#12 0x0804a80a in main (argc=1, argv=0xbfbff3b4) at main.C:401
#13 0x08049d85 in _start ()

the function called is delete[] (once for each of a pair of tiles)
at lines 257 and 258. based on the backtrace, when free is called
it is called without a pointer to memory to free, which must be
called as

    void free(void *ptr)

if the pointer is null, there is no action; without a pointer,
it is indeterminate, resulting in the message:

    xshisen in free(): error: junk pointer, too high to make sense
    Abort trap (core dumped)

void
Body::refreshhint(void)                 // line 220
{
    Point (*p)[2], *t;
    int c = 0, dummy, num;
    int max_c;

    max_c = xsize*ysize*(xsize*ysize/PKIND - 1)/2;
    p = new Point[max_c][2];
    t = new Point[xsize*ysize/PKIND];
    if (hintNum == 0)
        delete[] hintArray;
    for(int i=0; i<PKIND; i++) {
        piepos[i]->GetPosArray(t, num);
        for(int j=0; j<num; j++)        // line 235
            for(int k=j+1; k<num; k++)
                if (pstatus[t[j].x][t[j].y] == 1 &&
                    pstatus[t[k].x][t[k].y] == 1) {
                    xp1 = t[j];
                    xp2 = t[k];
                    if ((sweep_vert(t[j], t[k], dummy) ||
                         sweep_horiz(t[j], t[k], dummy))) {
                        p[c][0] = t[j];
                        p[c][1] = t[k];
                        c++;
                    }
                }
    }
#if DEBUG
    fprintf(stderr, "Removalbe pairs: %d\n",c);
#endif
    hintNum = c;
    currentHintNum = 0;
    if (c != 0) {
        hintArray = new Point [c*2];
        memcpy(hintArray, p, c*2*sizeof(Point));
    }
    delete[] p;                         // line 257
    delete[] t;                         // line 258
}
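
An added example, not part of the original message or of the xshisen sources: in the function as posted, hintArray is assigned only when c != 0 but released only when hintNum == 0, so (assuming nothing else touches the two members) the delete[] near the top runs exactly when the previous call allocated nothing. The sketch below shows one ownership rule that survives any sequence of calls; HintStore, refresh(), invariant() and run_sequence() are hypothetical names, and only hintArray, hintNum and Point come from the posted code.

```cpp
#include <cstring>

struct Point { int x, y; };

// Hypothetical stand-in for the hint bookkeeping in Body; only the
// member names hintArray and hintNum are taken from the posted function.
class HintStore {
public:
    HintStore() : hintArray(nullptr), hintNum(0) {}  // never left unset
    ~HintStore() { delete[] hintArray; }
    HintStore(const HintStore&) = delete;            // one owner only
    HintStore& operator=(const HintStore&) = delete;

    // Replace the stored hints with c pairs copied from pairs.
    void refresh(const Point (*pairs)[2], int c) {
        // Release whatever the previous call left behind. delete[] on a
        // null pointer is a no-op, so no test of hintNum is needed.
        delete[] hintArray;
        hintArray = nullptr;
        hintNum = c;
        if (c != 0) {
            const std::size_t n = static_cast<std::size_t>(c) * 2;
            hintArray = new Point[n];
            std::memcpy(hintArray, pairs, n * sizeof(Point));
        }
    }
    // Ownership rule: a buffer exists exactly when there are hints.
    bool invariant() const { return (hintArray != nullptr) == (hintNum != 0); }
    int count() const { return hintNum; }
    const Point* data() const { return hintArray; }
private:
    Point* hintArray;
    int hintNum;
};

// Constructed sample pairs, driven through a 0, 3, 0, 0, 2 sequence of
// hint counts: empty first call, refill, and two empty calls in a row.
bool run_sequence() {
    static const Point sample[3][2] = {
        {{1, 1}, {1, 4}}, {{2, 0}, {5, 0}}, {{3, 2}, {3, 6}}};
    const int counts[] = {0, 3, 0, 0, 2};
    HintStore s;
    for (int c : counts) {
        s.refresh(sample, c);
        if (!s.invariant() || s.count() != c) return false;
    }
    return s.data()[3].x == 5 && s.data()[3].y == 0;
}

int main() { return run_sequence() ? 0 : 1; }
```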
