Bug#478213: [PATCH] Powermanga segfault due to array overrun

Mon, 26 Dec 2011 21:48:18 -0800 

Hi All,

I've been experiencing sporadic segfaults as well over the years, and
finally today I caught it while running powermanga (with full debugging
symbols) under gdb. I can confirm that what Kalle Olavi Niemitalo said
is correct: img_old_angle is assigned the value of img_angle before
img_angle is clipped by the array bounds, so there is a possibility of
it being out of bounds.

Here's a patch to fix this bug:

--- tmp/powermanga-0.90.orig/src/shots.c        2007-08-24 00:55:17.000000000 
-0700
+++ powermanga-0.90-dfsg/src/shots.c    2011-12-26 21:10:28.000000000 -0800
@@ -447,8 +447,6 @@
           {
             bullet->img_angle = (Sint16) (bullet->angle / PI_SUR_16);
           }
-        /* save current angle for the calculation of the next angle */
-        bullet->img_old_angle = bullet->img_angle;
         /* avoid negative indexes */
         bullet->img_angle = (Sint16) abs (bullet->img_angle);
         /* avoid a shot angle higher than the number of images */
@@ -456,6 +454,8 @@
           {
             bullet->img_angle = (Sint16) (bullet->spr.numof_images - 1);
           }
+        /* save current angle for the calculation of the next angle */
+        bullet->img_old_angle = bullet->img_angle;
         /* draw the shot sprite */
         draw_sprite (bullet->spr.
                      img[bullet->img_angle],


Please apply the patch and upload. Thanks!! :)


T

-- 
Change is inevitable, except from a vending machine.

--- tmp/powermanga-0.90.orig/src/shots.c	2007-08-24 00:55:17.000000000 -0700
+++ powermanga-0.90-dfsg/src/shots.c	2011-12-26 21:10:28.000000000 -0800
@@ -447,8 +447,6 @@
           {
             bullet->img_angle = (Sint16) (bullet->angle / PI_SUR_16);
           }
-        /* save current angle for the calculation of the next angle */
-        bullet->img_old_angle = bullet->img_angle;
         /* avoid negative indexes */
         bullet->img_angle = (Sint16) abs (bullet->img_angle);
         /* avoid a shot angle higher than the number of images */
@@ -456,6 +454,8 @@
           {
             bullet->img_angle = (Sint16) (bullet->spr.numof_images - 1);
           }
+        /* save current angle for the calculation of the next angle */
+        bullet->img_old_angle = bullet->img_angle;
         /* draw the shot sprite */
         draw_sprite (bullet->spr.
                      img[bullet->img_angle],

Attachment: signature.asc
Description: Digital signature

Reply via email to