OpenTTD

Tasklist

FS#6627 - free() called on static airport rotation data (regression in r27907)

Attached to Project: OpenTTD
Opened by J G Rennison (JGR) - Friday, 13 October 2017, 21:27 GMT
Type Bug
Category Core
Status New
Assigned To No-one
Operating System All
Severity Medium
Priority Normal
Reported Version trunk
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

In src/table/airport_defaults.h, _origin_airport_specs is initialised with rotation data pointer set to reference _default_airports_rotation, which is declared as `static const Direction _default_airports_rotation[]`.

In src/newgrf.cpp AirportChangeInfo() (case for prop 0x08: Modify original airport), a new AirportSpec is allocated and initialised by copying an AirportSpec in _origin_airport_specs, this includes the rotation data pointer, pointing at static data.

In src/newgrf.cpp ResetCustomAirports() the rotation data pointer in the AirportSpec allocated in AirportChangeInfo() is freed.
As this is not a valid pointer returned by malloc() (or null) the program aborts.
This call to free() was added in r27907.

The other malloced fields of AirportSpec are correctly handled by mallocing copies in DuplicateTileTable().

I've attached a suggested fix which removes the issue without re-adding the leak fixed in r27907.
This task depends upon

Loading...