Crash on 2.4.27 corrupted size vs. prev_size

[bz-next]

I switched to 2.4.27 recently to try to help debug the next release.

I visited a replay server and poked around for a bit, then left, and tried joining a different replay server.

The client crashed with:

corrupted size vs. prev_size
Aborted (core dumped)

Version string: BZFlag client 2.4.27.20240320-DEVEL-linux-gnu-SDL2 (protocol 0221) http://BZFlag.org/
uname -a Linux fedora 6.7.9-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 6 19:35:04 UTC 2024 x86_64 GNU/Linux

I didn't actually have core dumps enabled on my OS, so I don't have a backtrace.

I'll update here if I can reproduce it.

[bz-next]

I was able to precipitate a similar crash when trying to rejoin a replay server:

#0  0x00007ffff76ae834 in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007ffff765c8ee in raise () from /lib64/libc.so.6
#2  0x00007ffff76448ff in abort () from /lib64/libc.so.6
#3  0x00007ffff76457d0 in __libc_message.cold () from /lib64/libc.so.6
#4  0x00007ffff76b87a5 in malloc_printerr () from /lib64/libc.so.6
#5  0x00007ffff76baafc in _int_free () from /lib64/libc.so.6
#6  0x00007ffff76bd3de in free () from /lib64/libc.so.6
#7  0x0000000000514c91 in World::freeFlags (this=0x1105840) at World.cxx:530
#8  0x000000000051358f in World::~World (this=0x1105840, __in_chrg=<optimized out>) at World.cxx:79
#9  0x000000000054c8cc in leaveGame () at playing.cxx:5381
#10 0x00000000005537b5 in playingLoop () at playing.cxx:6999
#11 0x00000000005567c2 in startPlaying (_display=0x8082a0, renderer=...) at playing.cxx:7873
#12 0x000000000052b8a9 in main (argc=1, argv=0x7fffffffdea8) at bzflag.cxx:1404

There was a server message when the replay was loaded, warning to expect client crashes with an incompatible replay without rejoining.