
Question New core dump

18 Dec 2024 23:02 #10470 by JTP
New core dump was created by JTP
Ok so I was on when this happened

An IP from a scanner tried to connect twice in a row, and the game froze.

This is the core...I really hope you can tell me how to fix this and prevent them from crashing the mud :(


(gdb) down
#20 0x080bc847 in init_game (argc=Cannot access memory at address 0x0
) at comm.c:536
536      game_loop(mother_desc);
(gdb) list
531      if (fCopyOver) /* reload players */
532      copyover_recover();
533
534      log("Entering game loop.");
535
536      game_loop(mother_desc);
537
538      Crash_save_all();
539
540      log("Closing all sockets.");
(gdb) down
#19 0x080bb36b in game_loop (local_mother_desc=3) at comm.c:902
902              close_socket(d);
(gdb) list
897        for (d = descriptor_list; d; d = next_d) {
898          next_d = d->next;
899          if (*(d->output) && FD_ISSET(d->descriptor, &output_set)) {
900            /* Output for this player is ready */
901            if (process_output(d) < 0)
902              close_socket(d);
903            else
904              d->has_prompt = 1;
905          }
906        }
(gdb) down
#18 0x080b76f8 in close_socket (d=0xa0aac70) at comm.c:2203
2203          free_char(d->character);
(gdb) list
2198          act("$n has lost $s link.", TRUE, link_challenged, 0, 0, TO_ROOM);
2199          save_char(link_challenged);
2200          mudlog(NRM, MAX(LVL_IMMORT, GET_INVIS_LEV(link_challenged)), TRUE, "Closing link to: %s.", GET_NAME(link_challenged));
2201        } else {
2202          mudlog(CMP, LVL_IMMORT, TRUE, "Losing player: %s.", GET_NAME(d->character) ? GET_NAME(d->character) : "<null>");
2203          free_char(d->character);
2204        }
2205      } else
2206        mudlog(CMP, LVL_IMMORT, TRUE, "Losing descriptor without char. Host was %s", d->host);
2207
(gdb) down
#17 0x080be018 in free_char (ch=0xa0a7470) at db.c:3216
3216          free(ch->player_specials);
(gdb) list
3211        for (i = 0; i < NUM_HIST; i++)
3212          if (GET_HISTORY(ch, i))
3213            free_history(ch, i);
3214
3215        if (ch->player_specials)
3216          free(ch->player_specials);
3217
3218        /* free script proto list */
3219        free_proto_script(ch, MOB_TRIGGER);
3220
(gdb) down




Program terminated with signal 11, Segmentation fault.
#0  0x008a4d28 in malloc_consolidate () from /lib/libc.so.6
(gdb) list
197    #endif
198
199      t->tv_sec = (int) (millisec / 1000);
200      t->tv_usec = (millisec % 1000) * 1000;
201    }
202
203    #endif  /* CIRCLE_WINDOWS || CIRCLE_MACINTOSH */
204
205    int main(int argc, char **argv)
206    {
(gdb) info local
No symbol table info available.
(gdb) up
#1  0x008a6fc7 in _int_malloc () from /lib/libc.so.6
(gdb) info local
No symbol table info available.
(gdb) up
#2  0x008a8f5a in calloc () from /lib/libc.so.6
(gdb) up
#3  0x0082880b in _dl_new_object () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#4  0x00824011 in _dl_map_object_from_fd () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#5  0x00825f71 in _dl_map_object () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#6  0x0082fd41 in dl_open_worker () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#7  0x0082c0d6 in _dl_catch_error () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#8  0x0082f742 in _dl_open () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#9  0x00948862 in do_dlopen () from /lib/libc.so.6
(gdb) info local
No symbol table info available.
(gdb) up
#10 0x0082c0d6 in _dl_catch_error () from /lib/ld-linux.so.2
(gdb) info local
No symbol table info available.
(gdb) up
#11 0x00948a15 in __libc_dlopen_mode () from /lib/libc.so.6
(gdb) info local
No symbol table info available.
(gdb) up
#12 0x00925609 in init () from /lib/libc.so.6
(gdb) up
#13 0x009257a3 in backtrace () from /lib/libc.so.6
(gdb) up
#14 0x0089e691 in __libc_message () from /lib/libc.so.6
(gdb) up
#15 0x008a6a15 in _int_free () from /lib/libc.so.6
(gdb) up
#16 0x008aaa89 in free () from /lib/libc.so.6
(gdb) up
#17 0x080be018 in free_char (ch=0xa0a7470) at db.c:3216
3216          free(ch->player_specials);
(gdb) info local
i = 10
a = <value optimized out>
(gdb) up
#18 0x080b76f8 in close_socket (d=0xa0aac70) at comm.c:2203
2203          free_char(d->character);
(gdb) info local
temp = <value optimized out>
(gdb) up
#19 0x080bb36b in game_loop (local_mother_desc=3) at comm.c:902
902              close_socket(d);
(gdb) info local
input_set = {__fds_bits = {56, 0 <repeats 31 times>}}
output_set = {__fds_bits = {48, 0 <repeats 31 times>}}
exc_set = {__fds_bits = {0 <repeats 32 times>}}
null_set = {__fds_bits = {0 <repeats 32 times>}}
last_time = {tv_sec = 1734562379, tv_usec = 746017}
opt_time = {tv_sec = 0, tv_usec = 100000}
process_time = {tv_sec = 0, tv_usec = 14851}
temp_time = {tv_sec = 0, tv_usec = 85149}
before_sleep = {tv_sec = 1734562379, tv_usec = 660868}
now = {tv_sec = 1734562379, tv_usec = 746692}
timeout = {tv_sec = 0, tv_usec = 0}
comm = "user\000 HTTP/1.1\000 of large proportions has been left here.\000\000uby.\000e.\000s heads.", '\000' <repeats 437 times>
d = 0xa0aac70
next_d = <value optimized out>
missed_pulses = <value optimized out>
maxdesc = <value optimized out>
aliased = 0
(gdb) up
#20 0x080bc847 in init_game (argc=Cannot access memory at address 0x0
) at comm.c:536
536      game_loop(mother_desc);
(gdb) info local
No locals.
(gdb) up
#21 main (argc=Cannot access memory at address 0x0
) at comm.c:356
356        init_game(port);
(gdb) info local
pos = <value optimized out>
dir = 0x8af1068 "lib"
(gdb) up


19 Dec 2024 21:09 #10473 by thomas
Replied by thomas on topic New core dump
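This looks like another bug entirely. Here we're freeing part of a character struct, and to get here the player needs to be logged in. Note that frames #14–#16 show glibc's free() reporting an error before the segfault, which suggests the heap was already corrupted (for example by a double free or an earlier buffer overflow) by the time free(ch->player_specials) ran, so the root cause may lie earlier than db.c:3216; running the server under Valgrind or an AddressSanitizer build is the usual way to catch the first bad write. You can inspect which player was being freed by going to that frame and printing what ch points to: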
Code:
frame 17
print *ch

