ports/150287: Segfault: games/spider crashes after 51 moves
Pascal Stumpf
Pascal.Stumpf at FreeBSD.org
Sat Sep 4 21:00:09 UTC 2010
>Number: 150287
>Category: ports
>Synopsis: Segfault: games/spider crashes after 51 moves
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 04 21:00:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Pascal Stumpf
>Release: 8-STABLE amd64
>Organization:
>Environment:
>Description:
Spider crashes with a segfault in movelog.c in the record() function after grow_cache() is called from there the first time (i.e. when move_index reaches 50):
record(from, dest, num_cards, exposed)
int from, dest, num_cards;
Bool exposed;
{
int val;
val = 11 * ( 11 * ((exposed ? 1 : 0) * 14 + num_cards) + dest) + from;
move_cache[move_index++] = val;
if (move_index >= cache_size)
grow_cache();
}
So there has to be something weird happening in grow_cache(). I’ve got no idea what it is. Usage of realloc() seems ok to me. :(
grow_cache()
{
int *new;
cache_size += CACHE_SIZE;
new = (int *) realloc((char *)move_cache,
(unsigned)(cache_size * sizeof(int)));
if (new == (int *) NULL) {
(void)fprintf(stderr,"realloc failed\n");
exit(-1);
}
move_cache = new;
}
As a dirty workaround, one could just increase the initial CACHE_SIZE.
>How-To-Repeat:
>Fix:
--- movelog.c.orig 2010-09-04 22:32:24.000000000 +0200
+++ movelog.c 2010-09-04 22:32:39.000000000 +0200
@@ -23,7 +23,7 @@
#include <unistd.h>
#endif
-#define CACHE_SIZE 50
+#define CACHE_SIZE 1000
static int move_index = 0;
static int *move_cache = NULL;
static int cache_size = 0;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list