aeh50: "free(): invalid pointer" crash upon closing machine

[Sophira]

I'm using commit a4a3b63b on Gentoo Linux, with gcc 11.3.1.

When using the aeh50 podule on a machine, closing the machine window results in Arculator crashing and free(): invalid pointer being printed to the console.

The error seems to occur when ne2000_close() frees the ne2000 pointer (podules/common/net/ne2000.c:1449). ne2000 does point to an address, so this isn't a null pointer issue. That said, most of its members are 0 values, with others that don't seem to make sense. (For example, ne2000->ISR.pkt_rx is a negative value, which I assume is meant to be impossible.)

For example, here's how the first two members (ne2000->CR and ne2000->ISR) look at the time of one such crash:

I'm not entirely sure yet why this is occurring, but is it at all possible that the aeh50->ne2000 pointer is already getting freed somewhere else? Or otherwise overwritten with a pointer to somewhere else?

Note that this only applies to the aeh50 podule. The aeh54 podule doesn't crash or show any error.

[Sophira]

I should note here that I haven't actually managed to get networking working in the RISC iX image yet (I can bring an IP address up, but can't ping anything on my real network, for example), but that may just be my lack of understanding.

[sarah-walker-pcem]

Stupid typo, should be fixed in cdb027b.