Bug#695262: bsdgames-nonfree: Coredump after loading save file

Thu, 06 Dec 2012 02:18:20 -0800 

Package: bsdgames-nonfree
Version: 2.17-4
Severity: normal
Tags: upstream patch

Dear Maintainer,

When running the game, saving and then reloading, I sometimes get a segfault.
I managed to track down the problem.  Rogue's objects use a const char* to
represent damage (e.g. "1d3").  The pointer to this string gets saved in the
savefile, but not the string itself.  When the program is run again, the
pointer is no longer valid, leading to segfaults.

A solution to this is to use a fixed size array of char's (I used char[7]
so that the size remains the same).  Then the whole object will be a simple
POD and serialize correctly.  I have attached a patch (patch -p6 < 
bsdgames.patch).

Note that this will break save files.  But you could argue that they were
already broken ;)

Cheers,
Walter Landry
wlan...@caltech.edu

diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/
diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/init.c 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/init.c
--- /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/init.c 
2003-12-16 18:47:37.000000000 -0800
+++ /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/init.c 
2012-12-06 01:28:28.160049621 -0800
@@ -159,7 +159,7 @@
        obj = alloc_object();           /* initial weapons */
        obj->what_is = WEAPON;
        obj->which_kind = MACE;
-       obj->damage = "2d3";
+       strncpy(obj->damage,"2d3",7);
        obj->hit_enchant = obj->d_enchant = 1;
        obj->identified = 1;
        (void) add_to_pack(obj, &rogue.pack, 1);
@@ -168,7 +168,7 @@
        obj = alloc_object();
        obj->what_is = WEAPON;
        obj->which_kind = BOW;
-       obj->damage = "1d2";
+       strncpy(obj->damage,"1d2",7);
        obj->hit_enchant = 1;
        obj->d_enchant = 0;
        obj->identified = 1;
@@ -178,7 +178,7 @@
        obj->what_is = WEAPON;
        obj->which_kind = ARROW;
        obj->quantity = get_rand(25, 35);
-       obj->damage = "1d2";
+       strncpy(obj->damage,"1d2",7);
        obj->hit_enchant = 0;
        obj->d_enchant = 0;
        obj->identified = 1;
diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/object.c 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/object.c
--- /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/object.c       
2003-12-16 18:47:37.000000000 -0800
+++ 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/object.c   
    2012-12-05 23:33:49.596264092 -0800
@@ -536,25 +536,25 @@
        switch(obj->which_kind) {
        case BOW:
        case DART:
-               obj->damage = "1d1";
+          strncpy(obj->damage,"1d1",7);
                break;
        case ARROW:
-               obj->damage = "1d2";
+          strncpy(obj->damage,"1d2",7);
                break;
        case DAGGER:
-               obj->damage = "1d3";
+          strncpy(obj->damage,"1d3",7);
                break;
        case SHURIKEN:
-               obj->damage = "1d4";
+          strncpy(obj->damage,"1d4",7);
                break;
        case MACE:
-               obj->damage = "2d3";
+          strncpy(obj->damage,"2d3",7);
                break;
        case LONG_SWORD:
-               obj->damage = "3d4";
+          strncpy(obj->damage,"3d4",7);
                break;
        case TWO_HANDED_SWORD:
-               obj->damage = "4d5";
+          strncpy(obj->damage,"4d5",7);
                break;
        }
 }
@@ -645,7 +645,7 @@
        obj->picked_up = obj->is_cursed = 0;
        obj->in_use_flags = NOT_USED;
        obj->identified = UNIDENTIFIED;
-       obj->damage = "1d1";
+       strncpy(obj->damage,"1d1",7);
        return(obj);
 }
 
diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/rogue.h 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/rogue.h
--- /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/rogue.h        
2005-02-15 22:24:50.000000000 -0800
+++ 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/rogue.h    
    2012-12-05 23:31:08.344256787 -0800
@@ -219,7 +219,7 @@
 
 struct obj {                           /* comment is monster meaning */
        unsigned long m_flags;  /* monster flags */
-       const char *damage;             /* damage it does */
+       char damage[7];         /* damage it does */
        short quantity;                 /* hit points to kill */
        short ichar;                    /* 'A' is for aquatar */
        short kill_exp;                 /* exp for killing it */



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bsdgames-nonfree depends on:
ii  libc6        2.13-37
ii  libncurses5  5.9-10
ii  libtinfo5    5.9-10

bsdgames-nonfree recommends no packages.

Versions of packages bsdgames-nonfree suggests:
pn  bsdgames  <none>

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to