[Commits] [wesnoth/wesnoth] 9f379b: Fix rare memory corruption in combat simulation

GitHub noreply at github.com
Tue Sep 20 20:20:22 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/wesnoth/wesnoth
  Commit: 9f379b96e34236d087d1788add77698602dd78b9
      https://github.com/wesnoth/wesnoth/commit/9f379b96e34236d087d1788add77698602dd78b9
  Author: Jyrki Vesterinen <sandgtx at gmail.com>
  Date:   2016-09-20 (Tue, 20 Sep 2016)

  Changed paths:
    M src/attack_prediction.cpp

  Log Message:
  -----------
  Fix rare memory corruption in combat simulation

It occurred when a fight was simulated for a
* slowed unit
* that can level up after the fight
* using Monte Carlo simulation.

Monte_carlo_combat_matrix clears the matrix in constructor because it uses
the matrix in a different way than probability_combat_matrix. Clearing was
unnecessarily thorough and marked all the rows and columns as unused.

If the unit was slowed before the fight, no values were ever placed to
plane 0 (neither unit slowed). Thus, all the rows/columns in plane 0 were
still marked as unused even after the simulation.

After the Monte Carlo simulation, the simulation code considered the
possibility that the unit may have leveled up. It does that by moving all
the values that mean "combatant B dead" into the last row of plane 0, that
means "combatant A full HP and not slowed".

The code that moves the values assumes that at least one row and column is
used. If none are, then it dereferences an invalid iterator and corrupts
memory.

I fixed the bug by making prob_matrix::clear() leave row and column 0 as
used.

After applying this fix, I can't reproduce the assertion failure @mattsc
reported or the hang @GregoryLundberg reported. Those problems were likely
caused by the memory corruption.
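
The failure mode described in the log message, as an added example that is not part of the commit or of Wesnoth's source: a "used rows/columns" index that a thorough clear can empty, and value-moving code that checks the non-empty invariant before dereferencing. The class, its member names and the single-plane layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <set>
#include <vector>

// Simplified single-plane model; every name here is hypothetical, not Wesnoth's.
class plane_model {
public:
    plane_model(std::size_t rows, std::size_t cols)
        : cols_(cols), cells_(rows * cols, 0.0) { clear_keep_origin(); }
    // Pre-fix style clear: zeroes the cells and forgets every used index.
    void clear_thorough() { cells_.assign(cells_.size(), 0.0); used_rows_.clear(); used_cols_.clear(); }
    // Post-fix style clear: row 0 and column 0 stay marked as used.
    void clear_keep_origin() { clear_thorough(); used_rows_.insert(0); used_cols_.insert(0); }
    void put(std::size_t r, std::size_t c, double v) {
        cells_[r * cols_ + c] = v;
        used_rows_.insert(r); used_cols_.insert(c);
    }
    double get(std::size_t r, std::size_t c) const { return cells_[r * cols_ + c]; }
    // The invariant the value-moving code depends on.
    bool has_used_indices() const { return !used_rows_.empty() && !used_cols_.empty(); }

    // Move every column-0 value ("combatant B dead") into dst_row. Dereferencing
    // used_rows_.begin() on an empty set is undefined behaviour, so the
    // precondition is checked and reported rather than assumed.
    bool move_col0_to_row(std::size_t dst_row) {
        if (!has_used_indices()) return false;
        std::set<std::size_t>::const_iterator it = used_rows_.begin();
        if (*it == 0) ++it;  // assumption of this model: row 0 is left in place
        double moved = 0.0;
        for (; it != used_rows_.end(); ++it) {
            if (*it == dst_row) continue;
            moved += get(*it, 0);
            cells_[*it * cols_] = 0.0;
        }
        put(dst_row, 0, get(dst_row, 0) + moved);
        return true;
    }
private:
    std::size_t cols_;
    std::vector<double> cells_;
    std::set<std::size_t> used_rows_, used_cols_;
};

int main() {
    plane_model m(4, 3);
    m.clear_thorough();                    // models the pre-fix constructor
    return m.move_col0_to_row(3) ? 1 : 0;  // guard trips: exits 0, no invalid read
}
```

Building a debug variant with AddressSanitizer or the standard library's checked-iterator mode turns an unguarded dereference of this kind into an immediate, attributable failure instead of later corruption.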




