Segfault when client sends new vote kick player who left

Bug #1804891 reported by Armanelgtron
Affects: Armagetron Advanced
Status: Fix Committed
Importance: Critical
Assigned to: Manuel Moos
Milestone: (none)

Bug Description

It probably happens in (at least) all the 0.2.* versions, but I tried it on sty+ct
A way to reproduce: Sit in the kick menu, wait for a player to leave, then try to submit a kick poll on the player who left.

(gdb) backtrace
#0 0x0000555555682a4e in eVoteItemHarm::CheckValidNoHarm(int) ()
#1 0x0000555555682c09 in eVoteItemHarm::DoCheckValid(int) ()
#2 0x000055555568312c in eVoteItem::CheckValid(int) ()
#3 0x000055555567e8d6 in se_HandleKickVote(nMessage&) ()
#4 0x00005555556b92b4 in nDescriptor::HandleMessage(nMessage&) ()
#5 0x00005555556ba8e0 in rec_peer(unsigned int) ()
#6 0x00005555556bb319 in sn_Receive() ()
#7 0x00005555555d49c9 in sg_Receive() ()
#8 0x00005555555d4c42 in gGame::NetSync() ()
#9 0x00005555555dbfee in gGame::StateUpdate() ()
#10 0x00005555555d511f in GameLoop(bool) ()
#11 0x00005555555d5541 in sg_EnterGameCore(nNetState) ()
#12 0x00005555555d5c91 in sg_EnterGame(nNetState) ()
#13 0x00005555555d9006 in own_game(nNetState) ()
#14 0x00005555555d9306 in sg_HostGame() ()
#15 0x0000555555594e55 in main ()

Armanelgtron (armanelgtron) wrote :
description: updated
description: updated
Armanelgtron (armanelgtron) wrote :

A more useful backtrace (on +ap this time though, meh):

#0 0x00005555556e9822 in ePlayerNetID::IsSilenced (this=0x0)
    at engine/ePlayer.h:393
#1 0x0000555555719c4e in eVoteItemHarm::CheckValidNoHarm (
    this=0x555555fd5bd0, senderID=1) at engine/eVoter.cpp:1190
#2 0x0000555555719ddc in eVoteItemHarm::DoCheckValid (this=0x555555fd5bd0,
    senderID=1) at engine/eVoter.cpp:1215
#3 0x000055555571be70 in eVoteItemKickServerControlled::DoCheckValid (
    this=0x555555fd5b30, senderID=1) at engine/eVoter.cpp:1643
#4 0x0000555555718d17 in eVoteItem::CheckValid (this=0x555555fd5b70,
    senderID=1) at engine/eVoter.cpp:676
#5 0x0000555555717420 in eVoteItem::FillFromMessage (this=0x555555fd5b70,
    m=...) at engine/eVoter.cpp:251
#6 0x0000555555714a1b in se_HandleKickVote (m=...) at engine/eVoter.cpp:1664
#7 0x000055555575707d in nDescriptor::HandleMessage (message=...)
    at network/nNetwork.cpp:618
#8 0x000055555575e139 in rec_peer (peer=33) at network/nNetwork.cpp:2892
#9 0x00005555557610b3 in sn_Receive () at network/nNetwork.cpp:3674
#10 0x00005555555e3fa3 in sg_Receive () at tron/gGame.cpp:2292
#11 0x00005555555eed78 in sg_EnterGameCore (enter_state=nSERVER)
    at tron/gGame.cpp:5629
#12 0x00005555555eef17 in sg_EnterGame (enter_state=nSERVER)
    at tron/gGame.cpp:5702
#13 0x00005555555e3968 in own_game (enter_state=nSERVER) at tron/gGame.cpp:2135
---Type <return> to continue, or q <return> to quit---
#14 0x00005555555e3d64 in sg_HostGame () at tron/gGame.cpp:2232
#15 0x000055555559fe2f in main (argc=1, argv=0x7fffffffe538) at tron/gArmagetron.cpp:828

Manuel Moos (z-man) wrote :

A missing null check, basically; and also, the code was checking the target player, so you could not issue kick votes on players who already were silenced. player_ should be named targetPlayer_ here, really.

Changed in armagetronad:
importance: Undecided → Critical
assignee: nobody → Manuel Moos (z-man)
status: New → Fix Committed
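The two defects named in the comment above (a target pointer dereferenced without a null check, and the silence rule applied to the target instead of the sender) can be illustrated with a small stand-alone C++ validator. This is an added example, not Armagetron's eVoter.cpp code; the PlayerTable, Player, VoteCheck and ValidateKickVote names are hypothetical, and the player table is a constructed stand-in for the server's player list, where a client that has disconnected is simply absent and a lookup by its stale ID returns nullptr. Reading the comment, the intended rule is that a silenced sender may not start a poll, while a silenced target stays kickable; that reading is an assumption.

```cpp
#include <map>
#include <string>

// Constructed stand-in for the server's player table (not Armagetron's
// ePlayerNetID code): a disconnected player is simply absent from the map,
// so a lookup by a stale ID yields nullptr.
struct Player {
    std::string name;
    bool silenced = false;
};

class PlayerTable {
public:
    void Add(int id, const std::string& name, bool silenced = false) {
        players_[id] = Player{name, silenced};
    }
    void Remove(int id) { players_.erase(id); }
    // Returns nullptr when no player with that ID is currently connected.
    const Player* Lookup(int id) const {
        auto it = players_.find(id);
        return it == players_.end() ? nullptr : &it->second;
    }
private:
    std::map<int, Player> players_;
};

enum class VoteCheck { Valid, TargetGone, SenderGone, SenderSilenced };

// Hypothetical replacement for a CheckValidNoHarm-style check.  The report
// describes two defects: the target pointer was dereferenced without a null
// check, and the silence rule was applied to the target instead of the sender.
VoteCheck ValidateKickVote(const PlayerTable& table, int senderID, int targetID) {
    const Player* target = table.Lookup(targetID);
    if (target == nullptr) return VoteCheck::TargetGone;      // the check missing in the crash
    const Player* sender = table.Lookup(senderID);
    if (sender == nullptr) return VoteCheck::SenderGone;      // message from a vanished client
    if (sender->silenced) return VoteCheck::SenderSilenced;   // rule applies to the sender
    return VoteCheck::Valid;
}

// Replays the reproduction from the report: the client sits in the kick menu
// holding target ID 7, the target leaves, and the poll is then submitted.
VoteCheck ReproduceStaleTarget() {
    PlayerTable table;
    table.Add(1, "voter");
    table.Add(7, "leaver");
    table.Remove(7);                       // target disconnects before the vote arrives
    return ValidateKickVote(table, 1, 7);  // rejected cleanly instead of dereferencing null
}

// A silenced target must remain kickable under the corrected rule.
VoteCheck SilencedTargetStillKickable() {
    PlayerTable table;
    table.Add(1, "voter");
    table.Add(2, "quiet", /*silenced=*/true);
    return ValidateKickVote(table, 1, 2);
}

// Only a silenced sender is refused.
VoteCheck SilencedSenderRefused() {
    PlayerTable table;
    table.Add(1, "muted", /*silenced=*/true);
    table.Add(2, "someone");
    return ValidateKickVote(table, 1, 2);
}
```

The important ordering is that every pointer obtained from a lookup keyed by a client-supplied ID is tested before use, because the ID in a network message can always refer to a player who left between the client building the message and the server handling it.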
Manuel Moos (z-man) wrote :

Released versions 0.2.8.3.X are unaffected.

information type: Public → Private
information type: Private → Public