widelands

Merge lp:~widelands-dev/widelands/bug-1807156-heap-use-after-free into lp:widelands

  1. bug-1807156-heap-use-after-free
  2. Merge into trunk
Proposed by GunChleoc
Status: Merged
Merged at revision: 9026
Proposed branch: lp:~widelands-dev/widelands/bug-1807156-heap-use-after-free
Merge into: lp:widelands
Diff against target: 23 lines (+7/-5)
1 file modified
src/wui/buildingwindow.cc (+7/-5)
To merge this branch: bzr merge lp:~widelands-dev/widelands/bug-1807156-heap-use-after-free
Reviewer Review Type Date Requested Status
Klaus Halfmann Needs Information
Review via email: mp+363584@code.launchpad.net

Commit message

Ensure that interactive base still exists when toggling building help window

This will potentially fix a heap-use-after-free

Description of the change

I could not reproduce the original bug, so this fix is just my best guess.

To post a comment you must log in.
Revision history for this message
bunnybot (widelandsofficial) wrote :

Continuous integration builds have changed state:

Travis build 4517. State: passed. Details: https://travis-ci.org/widelands/widelands/builds/497694161.
Appveyor build 4304. State: success. Details: https://ci.appveyor.com/project/widelands-dev/widelands/build/_widelands_dev_widelands_bug_1807156_heap_use_after_free-4304.

Revision history for this message
Klaus Halfmann (klaus-halfmann) wrote :

Mhh, in case (building_in_lambda == nullptr) you return;
In case (parent_ != nullptr) you fall through.

This is in create_capsbuttons() but I dont see this in the stacktrace?

Any idea how to test this?

Revision history for this message
GunChleoc (gunchleoc) wrote :

The reported line is:

./src/wui/buildingwindow.cc:359

which is

Widelands::Building* building_in_lambda = building_.get(parent_->egbase());

and my guess is that parent_ has become nullptr for some reason.

No idea how to test his - I did not manage to trigger the bug, but maybe somebody else will have more creative ideas.

Revision history for this message
Klaus Halfmann (klaus-halfmann) wrote :

OK merged trunk. I get some

../src/wlapplication.cc:1476:30: warning: unused exception parameter 'e'
[-Wunused-exception-parameter]
        } catch (const FileError& e) {

will now use a debugger to poke into that code.

Revision history for this message
GunChleoc (gunchleoc) wrote :

Please do not report unrelated issues in merge requests - it makes the merge request noisy with unrelated discussions. Create a bug for it ;)

I have fixed this one directly in trunk, thanks for reporting!

Revision history for this message
Klaus Halfmann (klaus-halfmann) wrote :

OK, his is te code that will (new in R20) add the Helpbutton
so the correct helpwindow for the building in progress will be shown.

_parent is the same as igbase() which is used at the very start of the function,
so I have no idea how this should be come null?

Teh origiinal bug is about some heap-use-after-free, in this case the prt
would be != null but be freed before?

I see no operator() (e.g. from unique Pointer) involved?

So my bues guess is that this _may_ be a help window for some consntruction side,
that is open longer then the original building window().

Ill use this branch to try to provoke such conditions.

review: Needs Information
Revision history for this message
Klaus Halfmann (klaus-halfmann) wrote :

I quick game for some 40 minutes, found nothing,
will try to produce this in some coop game perhaps.

Revision history for this message
GunChleoc (gunchleoc) wrote :

We decided in the bug to merge this, since it doesn't do any harm

@bunnybot merge

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/wui/buildingwindow.cc'
2--- src/wui/buildingwindow.cc 2019-02-23 11:00:49 +0000
3+++ src/wui/buildingwindow.cc 2019-03-05 09:06:17 +0000
4@@ -356,12 +356,14 @@
5 UI::UniqueWindow::Registry& registry =
6 igbase()->unique_windows().get_registry(building_descr_for_help_.name() + "_help");
7 registry.open_window = [this, &registry] {
8- Widelands::Building* building_in_lambda = building_.get(parent_->egbase());
9- if (building_in_lambda == nullptr) {
10- return;
11+ if (parent_ != nullptr) {
12+ Widelands::Building* building_in_lambda = building_.get(parent_->egbase());
13+ if (building_in_lambda == nullptr) {
14+ return;
15+ }
16+ new UI::BuildingHelpWindow(igbase(), registry, building_descr_for_help_,
17+ building_in_lambda->owner().tribe(), &parent_->egbase().lua());
18 }
19- new UI::BuildingHelpWindow(igbase(), registry, building_descr_for_help_,
20- building_in_lambda->owner().tribe(), &parent_->egbase().lua());
21 };
22
23 helpbtn->sigclicked.connect(

Subscribers

People subscribed via source and target branches

to status/vote changes: