woohoo! found the bug!

**Nick** · July 22, 2016, 22:18

Thanks, I'll check that out. Since player knowledge, object_absorb() has been a rich source of bugs...

Is this in master or the curses branch?

**Pete Mack** · July 22, 2016, 22:22

Ok, now that I found it, I am looking for other uses of an object ptr after drop_near. Jwre is the list:
obj-gear.c, line 1050
Out of 10 total uses. Recommendation:
Make drop_near pass-by-reference, so the dropped object cannot disappear out of the calling scope. This is very risky code.

**Pete Mack** · July 22, 2016, 23:34

Master. I haven't updated in a couple weeks tho.

**Pete Mack** · July 22, 2016, 23:41

In my local copy I just moved the message or message condition to prior to the drop code. To preserve your sanity, I recommend invalidating any object in a destructive call, so that errors like this show up earlier.

Edit:
I suspect these bugs are very longstanding indeed.

**Pete Mack** · July 24, 2016, 04:30

Hmm. Another fault (this time just a trap from the debugger on access to freed memory, but it's the same type of issue.)
Unfortunately it is in object delete in floor_pile_know, when moving into a room with objects detected by !enlightenment. That is a much harder one to track down.

**PowerWyrm** · July 24, 2016, 19:38

Originally posted by Pete Mack

Severity 0: Game crashes reliably in drop_near when firing a missile.
Cause: drop_near attempts to examine the object after it has been deleted in object_absorb in a floor pile of similar objects.
Line 1009: dropped-oidx is garbage after being freed in object absorption in the floor. Absolutely cannot use after reference.
Possible solution: Make floor_carry take a reference pointer, in case the object is absorbed by a pile.

Already reported ages ago lol: http://angband.oook.cz/forum/showpos...21&postcount=5

**Nick** · July 31, 2016, 00:26

Originally posted by Pete Mack

Ok, now that I found it, I am looking for other uses of an object ptr after drop_near. Jwre is the list:
obj-gear.c, line 1050
Out of 10 total uses. Recommendation:
Make drop_near pass-by-reference, so the dropped object cannot disappear out of the calling scope. This is very risky code.

I've done a fix to this in a36e0e5 - does that address your concerns?

**Pete Mack** · July 31, 2016, 02:22

Yes, it's well done. (It occurred to me later that the right thing to do is to return the new value, if the object moved into a stack. But that' still not a good idea, for the not-so-rare case where the object disappears on dropping onto an already full square.)

woohoo! found the bug!

woohoo! found the bug!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment