search

Illarion-eV / Illarion-Server

Server for the online RPG Illarion
http://illarion.org
GNU Affero General Public License v3.0
27 stars 19 forks source link

Server crash after invalid items had been detected #86

Open vilarion opened 2 years ago

vilarion commented 2 years ago 
Feb 14 18:07:36 Player (err): Player xxxxxxx(xxxxxxxxx) has invalid depot contents 2!
Feb 14 18:07:36 Player (err): Exception on loading player: std::exception
Feb 14 18:07:36 Other (err): SIGSEGV received! Last Script: npc.iradona_goldschein
Feb 14 18:07:36 terminate called without an active exception
vilarion commented 2 years ago

May have happened because of manual item deletion by Slightly. Still the db should not get into an invalid state.

dayjaby commented 2 years ago

The combination of

            auto depotIt = depotContents.find(depot.first);

            if (depotIt != depotContents.end()) {
                depotIt->second = depot.second;
            }
        }

and 

        for (rit = depots.rbegin(); rit != depots.rend(); ++rit) {
            delete rit->second;
        }

        for (rit2 = depotContents.rbegin(); rit2 != depotContents.rend(); ++rit2) {
            delete rit2->second;
        }

looks like some pointers are deleted twice.

Verified the issue here: https://gist.github.com/dayjaby/792d80b409ab15d198ea42490c330346

$ g++ broken.cpp -o broken && ./broken
1 constructed
2 constructed
Trying to delete container 2
2 destructed
Trying to delete container 0
0 destructed
free(): double free detected in tcache 2
Abgebrochen (Speicherabzug geschrieben)

$ g++ fixed.cpp -o fixed && ./fixed
1 constructed
2 constructed
1 destructed
2 destructed