Ticket #47748

set_city_production() overflows

Opened: 2023-04-02 15:45 Last update: 2023-05-02 01:08

Reporter:
Owner: (None)
Type:
Status: Open
Component:
MileStone: (None)
Priority: 5 - Medium
Severity: 5 - Medium
Resolution: None
File: 3

Details

From https://osdn.net/projects/freeciv/ticket/46286#comment:12505:46286:1679918727 reported by alain_bkr:

17 ../../common/city.c:2872:21: runtime error: signed integer overflow
17 ../../common/city.c:2879:25: runtime error: signed integer overflow
17 ../../common/city.c:2886:37: runtime error: signed integer overflow
4 ../../common/city.c:3156:33: runtime error: signed integer overflow

The last one might be unrelated to the others. This was with S3_1.

Ticket History (3/8 Histories)

2023-04-02 15:45 Updated by: cazfi
  • New Ticket "set_city_production() overflows" created
2023-04-10 09:54 Updated by: alain_bkr

This one is robust and reproducible.

  • It happens in approximately every game, and before turn 100 in my tests on small maps (<4k tiles) with 2~12 AI.
  • I took one game where it occurs very early and reran it, but I had pulled latest and recompiled (clang-15 with the -fsanitize=undefined flag for compilers and linker).

I step on the bug each time at turn 25, from the attached game at turn 21, modified to have endturn 30.

common/city.c
inline void set_city_production(struct city *pcity)
...
 2872:      pcity->prod[o] * pcity->bonus[o] / 100,
...
 2879:      pcity->prod[O_TRADE] * pcity->bonus[O_TRADE] / 100
...
 2886:      pcity->prod[o] = pcity->prod[o] * pcity->bonus[o] / 100;

always with mostly the same value: -1 billion * 100

../../common/city.c:2872:21: runtime error: signed integer overflow: -999999978 * 100 cannot be represented in type 'int'
../../common/city.c:2879:25: runtime error: signed integer overflow: -999999984 * 100 cannot be represented in type 'int'
../../common/city.c:2886:37: runtime error: signed integer overflow: -999999978 * 100 cannot be represented in type 'int'

(Edited, 2023-04-10 10:53 Updated by: alain_bkr)
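All three flagged sites evaluate `prod * bonus / 100` in int, and with prod near -1e9 and bonus 100 the product needs 37 bits. The following C is an added illustration, not Freeciv code: it shows how that multiplication can be checked with a compiler builtin or widened so the reported operands yield a detectable condition instead of undefined behaviour, and how a bound on the raw production value catches the corrupt input earlier. The function names and the plausibility bound are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for `pcity->prod[o] * pcity->bonus[o] / 100` at
 * common/city.c:2872. Returns true when the int multiplication would
 * overflow, i.e. when the original expression is undefined behaviour.
 * __builtin_mul_overflow (GCC/Clang) reports the overflow instead of
 * performing a wrapping multiply. */
bool production_scaling_overflows(int prod, int bonus)
{
  int product;

  return __builtin_mul_overflow(prod, bonus, &product);
}

/* Same computation with the intermediate product widened to long long, so
 * a product such as -99999997800 is representable; dividing by 100 brings
 * it back into int range. */
long long scaled_production_wide(int prod, int bonus)
{
  return (long long) prod * bonus / 100;
}

/* Input check that catches the real problem earlier: a city cannot
 * legitimately produce about -1e9 of anything, so a bound (assumed value)
 * on |prod| flags the corrupt value before it reaches the arithmetic. */
bool production_is_plausible(int prod, int max_abs)
{
  return prod >= -max_abs && prod <= max_abs;
}

int main(void)
{
  /* Operands taken from the sanitizer message quoted in this ticket. */
  int prod = -999999978, bonus = 100;

  if (production_scaling_overflows(prod, bonus)) {
    printf("%d * %d overflows int; widened result: %lld\n",
           prod, bonus, scaled_production_wide(prod, bonus));
  }
  if (!production_is_plausible(prod, 1000000)) {
    printf("prod=%d is outside the plausible range; upstream data is corrupt\n",
           prod);
  }
  return 0;
}
```

The widened form only hides the symptom; the plausibility check is what points back at whatever wrote a value of about -1e9 into prod[] in the first place.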
2023-04-10 11:55 Updated by: alain_bkr

Need to check if this also happens in other cases:

Several turns before our overflow we have index -1 out of bounds.

> 
Game saved as Sz03-Ai012-Lm54-20230401-154838-T00021-auto.sav.xz
> ../../common/unit.c:2475:13: runtime error: index -1 out of bounds for type 'const struct unit_list_link *[5]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/unit.c:2475:13 in 

Game saved as Sz03-Ai012-Lm54-20230401-154838-T00022-auto.sav.xz
> 
Game saved as Sz03-Ai012-Lm54-20230401-154838-T00023-auto.sav.xz
> 
Game saved as Sz03-Ai012-Lm54-20230401-154838-T00024-auto.sav.xz
> ../../common/city.c:2872:21: runtime error: signed integer overflow: -999999982 * 100 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/city.c:2872:21 in 
../../common/city.c:2879:25: runtime error: signed integer overflow: -999999985 * 100 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/city.c:2879:25 in 
../../common/city.c:2886:37: runtime error: signed integer overflow: -999999982 * 100 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/city.c:2886:37 in 

Game saved as Sz03-Ai012-Lm54-20230401-154838-T00025-auto.sav.xz
> 

2023-04-22 19:31 Updated by: cazfi

Reply To alain_bkr:

  need to check if this also happens in other cases: several turns before our overflow we have index -1 out of bounds

  Game saved as Sz03-Ai012-Lm54-20230401-154838-T00021-auto.sav.xz
  ../../common/unit.c:2475:13: runtime error: index -1 out of bounds for type 'const struct unit_list_link *[5]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/unit.c:2475:13 in

Very likely not the cause of the later overflow. I opened #47900 about this one.

2023-05-02 01:08 Updated by: alain_bkr

origin/S3_1 373049274

I have a reproducible error directly at load time from Sz4-Ai001-Lm62-230409_184438-T00069-auto.sav.xz with only one AI alone:

3: Savegame: 'ysize' has been set to 72.
3: Erminaz has been added as Cheating level AI-controlled player (classic).
../../common/city.c:2872:21: runtime error: signed integer overflow: -999999992 * 100 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/city.c:2872:21 in 
../../common/city.c:2879:25: runtime error: signed integer overflow: -999999997 * 100 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/city.c:2879:25 in 
../../common/city.c:2886:37: runtime error: signed integer overflow: -999999992 * 100 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../common/city.c:2886:37 in 
Console: 'savename' has been set to "reSz4-Ai001-Lm62-230409_184438-T%04T-%R".
Console: 'endturn' has been set to 69.
Game saved as reSz4-Ai001-Lm62-230409_184438-T0069-manual.sav.xz
Starting game.
------------------------------------------------------------------------------
All options with non-default values
------------------------------------------------------------------------------
In the column '##' the status of 
(Edited, 2023-05-02 01:14 Updated by: alain_bkr)
