[Angband 4.0] Massive memory leaks + possible double-free on object pointers

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • PowerWyrm
    Prophet
    • Apr 2008
    • 2986

    [Angband 4.0] Massive memory leaks + possible double-free on object pointers

    Oh dear...

    Since the restructure, all object-related structures (object_kind/artifact/ego_item/object) have slays and brands as linked lists.

    These structures can be described as:

    struct obj_related
    {
    static fields;
    static pointers; (kind, name...)
    dynamic pointers; (slays, brands...)
    };

    Everywhere in the code, these structures are copied and wiped. For all static fields/pointers, this has no impact. But for dynamic pointers, the result is catastrophic.

    Case #1: WIPE()

    This simply does a memset(0) on the structure, which will set to zero every bit of the structure, including dynamic pointers. Basically, the memory allocated to these pointers is lost.

    To avoid these memory leaks, all dynamic pointers must be freed before calling WIPE(). See object_wipe() for a good example.

    Case #2: COPY()

    This will do a bit-to-bit copy of the structures, which will copy everything including dynamic pointers. Here, the danger is double: not only the memory allocated to the dynamic pointers associated with the destination is lost (pointer address is replaced), but if you free the source object (assuming the dynamic pointers are properly freed when freeing the source object), you also free the dynamic pointers associated with the destination (since they are now equal)... and you could be in trouble when freeing the destination object (potential double-free of dynamic pointers).

    To avoid this problem, all dynamic pointers must be freed before calling COPY, set to NULL after the copy and then copied separately. See object_copy() for a good example.

    Case #3: structure copy

    This is similar to case #2, as doing struct 2 = struct 1 is the same as doing COPY(&struct 2, &struct 1, struct). Same fix must apply. See scramble_artifact() for a good example of structure copy.
    PWMAngband variant maintainer - check https://github.com/draconisPW/PWMAngband (or http://www.mangband.org/forum/viewforum.php?f=9) to learn more about this new variant!
  • Nick
    Vanilla maintainer
    • Apr 2007
    • 9637

    #2
    This was indeed a problem, but I believe it is all fixed in the latest code. I've done a lot of tracking down of leaks with valgrind.
    One for the Dark Lord on his dark throne
    In the Land of Mordor where the Shadows lie.

    Comment

    • AnonymousHero
      Veteran
      • Jun 2007
      • 1393

      #3
      Originally posted by Nick
      This was indeed a problem, but I believe it is all fixed in the latest code. I've done a lot of tracking down of leaks with valgrind.
      Sorry to keep harping on about it, but may I yet again recommend AddressSanitizer? It gives much more precise information and it's fast enough to use all the time.

      Comment

      • PowerWyrm
        Prophet
        • Apr 2008
        • 2986

        #4
        Originally posted by Nick
        This was indeed a problem, but I believe it is all fixed in the latest code. I've done a lot of tracking down of leaks with valgrind.
        Seems like the new object piles fix most of the issues yes. See #3 for artifact structure copy in scramble_artifact()... this should still be a problem.
        PWMAngband variant maintainer - check https://github.com/draconisPW/PWMAngband (or http://www.mangband.org/forum/viewforum.php?f=9) to learn more about this new variant!

        Comment

        • PowerWyrm
          Prophet
          • Apr 2008
          • 2986

          #5
          Originally posted by PowerWyrm
          Seems like the new object piles fix most of the issues yes. See #3 for artifact structure copy in scramble_artifact()... this should still be a problem.
          And there is... looking at artifact.spo, no brands/slays are ever generated on randarts.
          PWMAngband variant maintainer - check https://github.com/draconisPW/PWMAngband (or http://www.mangband.org/forum/viewforum.php?f=9) to learn more about this new variant!

          Comment

          • Nick
            Vanilla maintainer
            • Apr 2007
            • 9637

            #6
            Originally posted by PowerWyrm
            And there is... looking at artifact.spo, no brands/slays are ever generated on randarts.
            Yep, just found and fixed that one. I think it might fix a bunch of the randart problems.
            One for the Dark Lord on his dark throne
            In the Land of Mordor where the Shadows lie.

            Comment

            Working...
            😀
            😂
            🥰
            😘
            🤢
            😎
            😞
            😡
            👍
            👎