View Issue Details

IDProjectCategoryView StatusLast Update
0000489LDMudRuntimepublic2018-01-29 22:57
ReporterGnomi Assigned Tolars 
Status resolvedResolutionfixed 
Platformi686OSDebian GNU/LinuxOS Version3.1
Summary0000489: assert_simul_efun_object() should check whether the simul_efun was loaded during the master apply
DescriptionThe get_simul_efun() in our master loads a backup simul_efun if the load of the original simul_efun failed. A failure can be a compile or runtime error during loading of the original simul_efun or a recursive call to get_simul_efun().

The last possibility isn't handled by the driver very well. If a new simul_efun object accidentally calls a simul_efun (eg. because of a forgotten prototype or efun:: prefix), the driver calls assert_simul_efun_object and thus get_simul_efun again. The master then switches to the backup and loads it. Hence also the compilation of the original simul_efun succeeds and the driver activates it as the new official simul_efun. Because of this procedure the simul_efun tables first contains all the functions from the backup simul efun and after that all the functions from the original simul_efun.

So if a program, that was compiled before this simul_efun renewal, calls a simul_efun, it will get the function from the backup simul_efun, which will then be executed with the variables from the original simul_efun (because the last activated simul_efun will be in the simul_efun_object variable). This may lead to an error "Illegal variable access 42(33)." and thus to a crash:

2006.10.05 11:36:10 Illegal variable access 42(33).
2006.10.05 11:36:10 Current object was secure/simul_efun/simul_efun
2006.10.05 11:36:10 Dump of the call chain:
' modify_command' in ' i/player/tippse.c' (' obj/player#5') line 548
' command_start' in 'secure/simul_efun/backup/simul_efun.c (/secure/simul_efun/backup/' ('secure/simul_efun/simul_efun') line 55

(gdb) bt
#0 0x081050db in dump_core () at simulate.c:586
0000001 0x080fcdde in fatal (fmt=0x812b4a0 "Illegal variable access %d(%d).\n")
    at simulate.c:649
0000002 0x080abf35 in find_value (num=42) at interpret.c:5834
0000003 0x0808fb76 in eval_instruction (
    first_instruction=0x9358b66 "?<'\003?\003\"j4`", initial_sp=0x816fa80)
    at interpret.c:8137
0000004 0x0809eadc in eval_instruction (
    first_instruction=0x917078a "`\001\ta?n?\017?b\\v\016$\022\036/js\017v\016)\002\016\b\r+\022\n1&Y?~", initial_sp=0x816fa78) at interpret.c:14589
0000005 0x080a1fc9 in apply_low (fun=0x8b2df6c, ob=0x91f2890, num_arg=1,
    b_ign_prot=0, allowRefs=0) at interpret.c:16623
0000006 0x080a2583 in int_apply (fun=0x8b2df6c, ob=0x91f2890, num_arg=1,
    b_ign_prot=0, b_use_default=1) at interpret.c:16814
0000007 0x080a29af in sapply_int (fun=0x8b2df6c, ob=0x91f2890, num_arg=1,
    b_find_static=0, b_use_default=1) at interpret.c:16975
0000008 0x0804ac7a in call_modify_command (buff=0xbff2c610 "s") at actions.c:540
0000009 0x0804bbfa in parse_command (buff=0xbff2c610 "s", from_efun=0)
    at actions.c:883
0000010 0x0804c784 in execute_command (str=0xbff2c610 "s", ob=0x91f2890)
    at actions.c:1258
0000011 0x0805445c in backend () at backend.c:697
0000012 0x080b8156 in main (argc=16, argv=0xbff2e034) at main.c:615

Even if this crash wouldn't happen, the backup simul_efuns could get the content of wrong variables or if the backup simul_efun would be destroyed the entries in the simul_efun table could point to random memory entries.

So I think after the master apply assert_simul_efun_object() should verify that no other simul_efun object mysteriously appeared. I have submitted a patch for this.

TagsNo tags attached.
External Data (URL)


2006-10-05 04:50


sefun.diff (534 bytes)   
Index: trunk/src/simul_efun.c
--- trunk/src/simul_efun.c	(Revision 2312)
+++ trunk/src/simul_efun.c	(Arbeitskopie)
@@ -200,6 +200,12 @@
     /* Get the name(s) of the simul_efun  object. */
     svp = apply_master(STR_GET_SEFUN, 0);
+    if (simul_efun_object)
+    {
+        printf("%s Simul_efun appeared while asking for it.\n", time_stamp());
+        return MY_TRUE;
+    }
     if (svp == NULL)
         printf("%s No simul_efun\n", time_stamp());
sefun.diff (534 bytes)   


2007-10-14 02:36

reporter   ~0000572


Issue History

Date Modified Username Field Change
2006-10-05 04:50 Gnomi New Issue
2006-10-05 04:50 Gnomi File Added: sefun.diff
2007-10-14 02:36 lars Status new => resolved
2007-10-14 02:36 lars Fixed in Version => 3.3.716
2007-10-14 02:36 lars Resolution open => fixed
2007-10-14 02:36 lars Assigned To => lars
2007-10-14 02:36 lars Note Added: 0000572
2010-11-16 10:42 lars Source_changeset_attached => ldmud.git master 26df4a54
2018-01-29 19:59 lars Source_changeset_attached => ldmud.git master 26df4a54
2018-01-29 22:57 lars Source_changeset_attached => ldmud.git master 26df4a54