Bug#695262: bsdgames-nonfree: Coredump after loading save file

2012-12-06 Thread Walter Landry
Package: bsdgames-nonfree
Version: 2.17-4
Severity: normal
Tags: upstream patch

Dear Maintainer,

When running the game, saving and then reloading, I sometimes get a segfault.
I managed to track down the problem.  Rogue's objects use a const char* to
represent damage (e.g. 1d3).  The pointer to this string gets saved in the
savefile, but not the string itself.  When the program is run again, the
pointer is no longer valid, leading to segfaults.

A solution to this is to use a fixed size array of chars (I used char[7]
so that the size remains the same).  Then the whole object will be a simple
POD and serialize correctly.  I have attached a patch (patch -p6 < bsdgames.patch).

Note that this will break save files.  But you could argue that they were
already broken ;)

Cheers,
Walter Landry
wlan...@caltech.edu

diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/
diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/init.c 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/init.c
--- /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/init.c 
2003-12-16 18:47:37.0 -0800
+++ /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/init.c 
2012-12-06 01:28:28.160049621 -0800
@@ -159,7 +159,7 @@
obj = alloc_object();   /* initial weapons */
obj-what_is = WEAPON;
obj-which_kind = MACE;
-   obj-damage = 2d3;
+   strncpy(obj-damage,2d3,7);
obj-hit_enchant = obj-d_enchant = 1;
obj-identified = 1;
(void) add_to_pack(obj, rogue.pack, 1);
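Review bot: the literal `7` passed to `strncpy` here repeats the buffer size declared in rogue.h; `sizeof(obj->damage)` keeps the two from drifting apart. Note also that `strncpy` does not NUL-terminate when the source fills the buffer, so a source of seven or more characters would leave `damage` unterminated. The literals in this patch are three characters, so this is safe today; `snprintf(obj->damage, sizeof obj->damage, "%s", "2d3")` or an explicit `obj->damage[sizeof obj->damage - 1] = '\0'` would make that hold regardless of the literal.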
@@ -168,7 +168,7 @@
obj = alloc_object();
obj-what_is = WEAPON;
obj-which_kind = BOW;
-   obj-damage = 1d2;
+   strncpy(obj-damage,1d2,7);
obj-hit_enchant = 1;
obj-d_enchant = 0;
obj-identified = 1;
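Review bot: same `strncpy(..., 7)` pattern as the first hunk. A small helper such as `set_damage(obj, "1d2")` that uses `sizeof obj->damage` and guarantees termination would let the eight call sites in this patch share one correct implementation instead of eight copies of the size constant.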
@@ -178,7 +178,7 @@
obj-what_is = WEAPON;
obj-which_kind = ARROW;
obj-quantity = get_rand(25, 35);
-   obj-damage = 1d2;
+   strncpy(obj-damage,1d2,7);
obj-hit_enchant = 0;
obj-d_enchant = 0;
obj-identified = 1;
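Review bot: the ARROW damage `"1d2"` is set here and again in the object.c switch below. Now that `damage` is per-object storage rather than a pointer to a shared literal, a single table indexed by `which_kind` would make the two copies impossible to get out of sync and would also be what a loader needs to rebuild the field.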
diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/object.c 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/object.c
--- /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/object.c   
2003-12-16 18:47:37.0 -0800
+++ 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/object.c   
2012-12-05 23:33:49.596264092 -0800
@@ -536,25 +536,25 @@
switch(obj-which_kind) {
case BOW:
case DART:
-   obj-damage = 1d1;
+  strncpy(obj-damage,1d1,7);
break;
case ARROW:
-   obj-damage = 1d2;
+  strncpy(obj-damage,1d2,7);
break;
case DAGGER:
-   obj-damage = 1d3;
+  strncpy(obj-damage,1d3,7);
break;
case SHURIKEN:
-   obj-damage = 1d4;
+  strncpy(obj-damage,1d4,7);
break;
case MACE:
-   obj-damage = 2d3;
+  strncpy(obj-damage,2d3,7);
break;
case LONG_SWORD:
-   obj-damage = 3d4;
+  strncpy(obj-damage,3d4,7);
break;
case TWO_HANDED_SWORD:
-   obj-damage = 4d5;
+  strncpy(obj-damage,4d5,7);
break;
}
 }
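Review bot: this switch is the one place where the damage string is shown to be a pure function of `which_kind`, which is exactly the property the maintainer relies on to reconstruct `damage` at load time. That approach also means a save file can never supply its own `damage` bytes; with this patch as written, the 7-byte buffer is read from the file as-is and may lack a NUL terminator if the file is corrupt or hand-edited. If the fixed buffer is kept, the load path should at least force `obj->damage[sizeof obj->damage - 1] = '\0'` before the string is used.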
@@ -645,7 +645,7 @@
obj-picked_up = obj-is_cursed = 0;
obj-in_use_flags = NOT_USED;
obj-identified = UNIDENTIFIED;
-   obj-damage = 1d1;
+   strncpy(obj-damage,1d1,7);
return(obj);
 }
 
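Review bot: `alloc_object()` now fills `damage` with `"1d1"` via `strncpy`, which also zero-pads the remaining four bytes, so every fresh object has a fully deterministic buffer. That matters because the whole struct is written to the save file: without the padding, uninitialized bytes would end up in the file. A one-line comment here saying the zero-padding is relied upon would stop a later change to `memcpy` or `strcpy` from quietly removing it.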
diff -ru /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/rogue.h 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/rogue.h
--- /home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17/rogue/rogue.h
2005-02-15 22:24:50.0 -0800
+++ 
/home/boo/random_stuff/roguelike/bsdgames-nonfree-2.17_patched/rogue/rogue.h
2012-12-05 23:31:08.344256787 -0800
@@ -219,7 +219,7 @@
 
 struct obj {   /* comment is monster meaning */
unsigned long m_flags;  /* monster flags */
-   const char *damage; /* damage it does */
+   char damage[7]; /* damage it does */
short quantity; /* hit points to kill */
short ichar;/* 'A' is for aquatar */
short kill_exp; /* exp for killing it */
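Review bot: replacing `const char *damage` with `char damage[7]` only keeps `sizeof(struct obj)` unchanged where a pointer is 8 bytes. On amd64 (the reporter's architecture) the seven chars plus one byte of padding before `short quantity` match the old pointer, but on i386 (listed as a foreign architecture in this report) the field grows from 4 to 8 bytes. Since the struct is serialized wholesale, old saves are incompatible either way, as the report notes; a version marker checked on load would turn a silent misread into a clean error. Any remaining pointer assignment to `damage` elsewhere in the tree will now fail to compile, which is the right failure mode, but a string longer than six characters stored through `strncpy` would be truncated silently.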



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bsdgames-nonfree depends on:
ii  libc62.13-37
ii  libncurses5  5.9-10
ii  libtinfo5

Bug#695262: bsdgames-nonfree: Coredump after loading save file

2012-12-06 Thread Aaron M. Ucko
Walter Landry wlan...@caltech.edu writes:

> When running the game, saving and then reloading, I sometimes get a segfault.
> I managed to track down the problem.  Rogue's objects use a const char* to
> represent damage (e.g. 1d3).  The pointer to this string gets saved in the
> savefile, but not the string itself.  When the program is run again, the
> pointer is no longer valid, leading to segfaults.

Thanks for the helpful report!  I appreciate your fix suggestion, but
would prefer to patch the loading code to reconstruct obj->damage from
obj->kind, which uniquely determines it AFAICT; I'll take care of that
when I get a chance.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
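As an added example (not code from the bug report, the attached patch or bsdgames-nonfree), this C program puts the two fixes discussed in the thread side by side: the struct is written to the file as raw bytes, as the game does, and on load `damage` is rebuilt from `which_kind` as the maintainer proposes, so neither a stale pointer nor arbitrary bytes from the file are ever used as the damage string. The `weapon_damage` table, the enum ordering, the `struct obj` stand-in and the `round_trip` helper are constructions of this example; the kind names and strings come from the object.c hunk.

```c
#include <stdio.h>
#include <string.h>

/* Weapon kinds and the damage strings from the object.c hunk. The table and
 * the enum ordering are assumptions of this example, not the game's own. */
enum { BOW, DART, ARROW, DAGGER, SHURIKEN, MACE, LONG_SWORD, TWO_HANDED_SWORD, NUM_KINDS };
static const char *const weapon_damage[NUM_KINDS] = {
    "1d1", "1d1", "1d2", "1d3", "1d4", "2d3", "3d4", "4d5"
};

/* Stand-in for the two fields of `struct obj` that matter here. */
struct obj {
    short which_kind;
    char damage[7];         /* fixed-size buffer from the rogue.h hunk */
};

/* Read one raw struct and rebuild damage from which_kind (the maintainer's
 * proposal) instead of trusting the bytes in the file. With the old
 * `const char *` field those bytes were a pointer from a dead process; with
 * the patched buffer they are still untrusted file content. */
static int load_obj(struct obj *o, FILE *fp)
{
    if (fread(o, sizeof *o, 1, fp) != 1) return 0;
    if (o->which_kind < 0 || o->which_kind >= NUM_KINDS) return 0;  /* reject corrupt kind */
    snprintf(o->damage, sizeof o->damage, "%s", weapon_damage[o->which_kind]);
    return 1;
}

/* Write one struct as raw bytes (as the game does), using `stored` as the
 * seven damage bytes, then load it back; `out` gets the reconstructed string.
 * Returns 1 if accepted, 0 if the loader rejected it, -1 on I/O failure. */
static int round_trip(short kind, const char stored[7], char out[7])
{
    struct obj o = { kind, {0} };
    FILE *fp = tmpfile();
    int ok;
    if (!fp) return -1;
    memcpy(o.damage, stored, 7);               /* constructed, possibly garbage */
    if (fwrite(&o, sizeof o, 1, fp) != 1) { fclose(fp); return -1; }
    rewind(fp);
    ok = load_obj(&o, fp);
    fclose(fp);
    if (ok) memcpy(out, o.damage, 7);
    return ok;
}
```

A record whose `which_kind` is out of range is rejected rather than used as a table index, which is the check any loader of save data from disk needs before deriving fields from it.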

