Observation: Game crashed for no apparent reason
Date: 14-Apr-2001
Problem: platz_offsets[8] (a helper array of the AI code) was overwritten by a strcpy call with a wrong destination pointer. This happened while loading MIDI files when no sound card was detected and max_midi was set to -1. In this case midi_title[-1] was the destination of the strcpy call. This was a bounds violation problem!
Solution: max_midi is now checked for a valid range before calling strcpy.
Time to find: 20 min
Time to fix: 3 min
Places to fix: 1
------------------------------------------------------------------------
Observation: Random crashes
Date: 14-Apr-2001
Problem: The game is crashing with errors in malloc. Testing with guarded_malloc showed that the tile_dirty array in simgraph.c suffered from an underrun.
Solution: Added assert calls to all array accesses. Found an out-of-bounds access. Added bounds clipping to this access.
Time to find: 45 min
Time to fix: 5 min
Places to fix: 1
------------------------------------------------------------------------
Observation: The game crashed when removing a square of road
Date: 13-Apr-2001
Problem: There were clouds on this square. Removing the clouds from the square by calling delete() without first removing them from the game's sync object list leads to a dangling pointer and sometimes to a crash, or to undefined behavior in other cases.
Solution: Remove clouds from the sync object list before calling delete on them. This was done by implementing the entferne() method for this class, which the remover tool calls before calling delete; the cloud is removed from the sync object list from within this method.
Time to find: 15 min (this was a lucky one!)
Time to fix: 6 min
Places to fix: 1 location
------------------------------------------------------------------------
Observation: The game was aborted when clicking on an empty square in the train depot (This was very similar to an already fixed bug.)
Date: 11-Apr-2001
Problem: A bounds check failed and aborted the game when clicking an empty place in the depot window while being in sell mode. (The only difference from the already fixed bug is being in sell mode!)
Solution: Checking the indices before accessing the array. (That array was bounds checked anyway, but a bounds violation when accessing a checked array leads to program termination.)
Time to find: 6 hours (it was not reported that this only happens in sell mode!)
Time to fix: 15 min
Places to fix: 3 locations
------------------------------------------------------------------------
Observation: The game was aborted when clicking on an empty square in the train depot
Date: 04-Apr-2001
Problem: A bounds check failed and aborted the game when clicking an empty place in the depot window while being in standard depot operation mode.
Solution: Checking the indices before accessing the array. (That array was bounds checked anyway, but a bounds violation when accessing a checked array leads to program termination.)
Time to find: 15 min
Time to fix: 20 min
Places to fix: 5 locations
------------------------------------------------------------------------
Observation: The AI sometimes just buys trailers
Date: 01-Apr-2001
Problem: The AI did not know anything about vehicle powers, nor that vehicles with a power of 0 can't drive by themselves.
Solution: The AI checks the vehicle power before buying the vehicle. This is no 'perfect' solution. It would be better to let the AI choose one from all possible vehicles.
Time to find: 25 min
Time to fix: 20 min
Places to fix: 3 locations
------------------------------------------------------------------------
Observation: A node was inserted into the freelist of the node container twice.
Problem: The pointer to the node was read again after the node's content was modified during insertion into the free list. A wrong link pointer was read from the node, which screwed up the node lists on both objects.
Solution: Read the 'next' pointer into a temp variable before handing the node back to the freelist, and use the temp variable after that.
Time to find: 30 min
Time to fix: 5 min
Places to fix: 4 locations
------------------------------------------------------------------------
Observation: Freelist of node_container_t is truncated or out of sync with insertion counters.
Problem: The freelist is static (common to all node_container_t) but it was set to 0 in every node_container_t constructor. This assignment truncated the list. It was also a memory leak.
Solution: Remove the assignment (freelist=0) from the constructor.
Time to find: 3 hours
Time to fix: 1 min
Places to fix: 1 location
------------------------------------------------------------------------
written by Hj. Malthaner
Initial version March 2001
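
The freelist double-insertion entry above, shown as an added C++ example that is not part of the original log or the game's code. node_t, freelist_t, the release functions and the four-node scenario are hypothetical stand-ins; the check in put() is an assumption added so the buggy loop stops at the first double insert instead of cycling.

```cpp
#include <cstdio>
// Hypothetical stand-ins for the log's node container; not the game's code.
struct node_t { node_t *next; bool is_free; };
struct freelist_t {
    node_t *head = nullptr;
    int double_inserts = 0;
    // Push a node; refuse (and count) one that is already on the list.
    bool put(node_t *n) {
        if (n->is_free) { ++double_inserts; return false; }
        n->is_free = true;
        n->next = head;              // overwrites the node's old link
        head = n;
        return true;
    }
    int size() const {
        int c = 0;
        for (const node_t *n = head; n; n = n->next) ++c;
        return c;
    }
};

// Defect from the log: n->next is read after put() has rewritten it.
void release_all_buggy(node_t *list, freelist_t &fl) {
    for (node_t *n = list; n; n = n->next)
        if (!fl.put(n)) break;       // guard so the demonstration terminates
}
// Fix from the log: copy 'next' to a temporary before handing the node back.
void release_all_fixed(node_t *list, freelist_t &fl) {
    for (node_t *n = list; n; ) {
        node_t *next = n->next;
        fl.put(n);
        n = next;
    }
}

struct result_t { int free_nodes; int double_inserts; };
// Constructed scenario: one node is already free, then a 3-node list is released.
result_t demo(bool use_fix) {
    node_t pool[4] = {};
    freelist_t fl;
    fl.put(&pool[0]);
    pool[1].next = &pool[2]; pool[2].next = &pool[3];
    (use_fix ? release_all_fixed : release_all_buggy)(&pool[1], fl);
    return { fl.size(), fl.double_inserts };
}
int main() {
    result_t b = demo(false), f = demo(true);
    std::printf("buggy: %d free, %d double; fixed: %d free, %d double\n",
                b.free_nodes, b.double_inserts, f.free_nodes, f.double_inserts);
    return 0;
}
```

In the buggy run the loop follows the rewritten link into the freelist, tries to insert the already free node a second time, and never releases the last two list nodes.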