Question double free error

This is no core file, i'm run tbamud via gdb.

And restarting mud.

I'm waiting next crash...

Hello, i'm Prool, the bug hunter

I'm reveived next crash.

Debug info here:

SYSERR: Write to socket: Connection reset by peer
free(): invalid pointer

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Нет такого файла или каталога.

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7dae859 in __GI_abort () at abort.c:79
#2 0x00007ffff7e1929e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f43298 "%s\n")
at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff7e2132c in malloc_printerr (str=str@entry=0x7ffff7f414c1 "free(): invalid pointer") at malloc.c:5347
#4 0x00007ffff7e22b5c in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4173
#5 0x00005555555b9a91 in close_socket (d=0x555556c23be0) at comm.c:2111
#6 0x00005555555bb398 in game_loop (local_mother_desc=3) at comm.c:917
#7 0x0000555555566319 in init_game (local_port=<optimized out>) at comm.c:544
#8 main (argc=2, argv=<optimized out>) at comm.c:355


up 5 times

(gdb) print d->history
$1 = (char **) 0x555556be77d0

(gdb) info local
cnt = <optimized out>
temp = <optimized out>

(gdb) print *d
$2 = {descriptor = 6, host = "183.136.225.43", '\000' <repeats 26 times>, bad_pws = 0 '\000', idle_tics = 0 '\000', connected = 32,
desc_num = 21, login_time = 1685193942, showstr_head = 0x0, showstr_vector = 0x0, showstr_count = 0, showstr_page = 0, str = 0x0,
backstr = 0x0, max_str = 0, mail_to = 0, has_prompt = 0,
inbuf = "\000ET / HTTP/1.1\r\nHost: 195.123.245.173:8888\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0\r\nAccept: */*\r\nConnection: keep-alive\r\n\r\n", '\000' <repeats 12108 times>,
last_input = "Connection: keep-alive\000 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0", '\000' <repeats 417 times>,
small_outbuf = "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n", '\000' <repeats 926 times>,
output = 0x555556c26e5c "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n", history = 0x555556be77d0, history_pos = 0, bufptr = 97, bufspace = 926, large_outbuf = 0x0, input = {head = 0x0, tail = 0x555556b4c6c0},
character = 0x0, original = 0x0, snooping = 0x0, snoop_by = 0x0, next = 0x0, olc = 0x0, pProtocol = 0x555556c002c0,
events = 0x555556af3bc0}

(gdb) print *(d->history)
$3 = 0x555556af4d60 ""

With best regards,

Serge "Prool" Pustovoitoff

Anyone ever investigate this?  Not sure if it is system specific, but I still get it on my AWS instance randomly.  Seems to follow a "Connection reset by peer" write to socket error.  I do not get it on my local dev platform, only my AWS instance... but that one gets hit with port scans frequently, so that may be the reason.  Eitehr way, not sure why it is causing a crash.

I've tried reproducing it with a lot of different clients, but haven't been able to.

In a stock tbamud, line 2111 of comm.c is a blank line: github.com/tbamud/tbamud/blob/f6339b495e...813/src/comm.c#L2111

So the stack trace isn't helpful, I'm afraid.