Your message dated Thu, 26 Nov 2015 21:20:43 +0000
with message-id <[email protected]>
and subject line Bug#785109: fixed in asylum 0.3.2-2
has caused the Debian Bug report #785109,
regarding buffer overruns...
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
785109: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785109
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: asylum
Version: 0.3.2-1
Tags: patch

I tried to debug the segfault I sometimes get at the end of the second level.
This is what I found: two buffer overruns... a stale FILE*...
Perhaps there's more...
I did not get to finish the second level yet...

The keyword[12] and FILE* were found using cppcheck.
The *spaceptr= was flagged by dmalloc:
[...]
1431426941: 40000: process pid = 4165
1431426941: 40000:   error details: checking user pointer
1431426941: 40000:   pointer '0xb5b9e008' from 'unknown' prev access 'file.c:145'
1431426941: 40000:   dump of proper fence-top bytes: 'i\336\312\372'
1431426941: 40000:   dump of '0xb5b9e008'+28480: '\022\013\'\000\022\f\'\000\022\r\'\000\022\016\'\000\377\336\312\372'
1431426941: 40000:   next pointer '0xb5ba5000' (size 19657) may have run under from 'file.c:145'
1431426941: 40000: ERROR: _dmalloc_chunk_heap_check: failed OVER picket-fence magic-number check (err 27)
[...]


Please apply the patch.


diff -uprN ./asylum_orig/asylum.c ./asylum-0.3.2/asylum.c
--- ./asylum_orig/asylum.c	2009-08-03 00:21:07.000000000 +0200
+++ ./asylum-0.3.2/asylum.c	2015-05-12 11:09:27.000000000 +0200
@@ -665,7 +665,7 @@ char idpermitstring[] = "You are now per
 
 void loadconfig()
 {
-    char keyword[12];
+    char keyword[13];
 
     FILE* r0 = find_config(0x40); // read access
     if (r0 != NULL)
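Review bot: keyword[13] in loadconfig() sets the size by hand, and the read
that fills keyword is not part of this hunk, so nothing visible here ties the
new size to the longest keyword plus its terminator. Suggest bounding the read
itself (for example a field width that matches the array) or deriving both
from one named constant, so a longer keyword cannot reintroduce the overrun.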
diff -uprN ./asylum_orig/file.c ./asylum-0.3.2/file.c
--- ./asylum_orig/file.c	2008-12-10 05:12:29.000000000 +0100
+++ ./asylum-0.3.2/file.c	2015-05-12 14:18:36.000000000 +0200
@@ -142,7 +142,7 @@ int loadvitalfile(char** spaceptr, char*
     strcat(fullname, r1);
     int r4 = swi_osfile(15, fullname, 0, 0);
     if (r4 <= 0) fatalfile();
-    *spaceptr = (char*)malloc(r4);
+    *spaceptr = (char*)malloc(r4+1);
     if (swi_osfile(14, fullname, *spaceptr, 0)) fatalfile();
     return r4;
 }
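Review bot: the result of malloc(r4+1) goes straight into
swi_osfile(14, fullname, *spaceptr, 0) without a NULL check, and the +1 carries
no comment saying which write needs the extra byte. loadvitalfile() still
returns r4, so callers see the old length. Suggest checking *spaceptr and
calling fatalfile() on failure, and either documenting the extra byte or
fixing the write that goes past r4 bytes.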
@@ -362,7 +362,11 @@ int swi_blitz_hammerop(int op, char* nam
         fclose(f); return op;
     }                            // file is not Hammered
 
-    if (op == 0) return 0x24000; // hack: should return length
+    if (op == 0)
+    {
+        fclose(f);
+        return 0x024000; // hack: should return length
+    }
     char a[524288];
     int p = 0;
     char c;
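Review bot: in the op == 0 branch the return literal changes from 0x24000 to
0x024000 alongside the fclose(f) fix; the value is the same, so keep the
original spelling and let the hunk show only the leak fix. With fclose(f) now
repeated before each early return (see the "fclose(f); return op;" context
line), a single cleanup exit would make it harder to miss one again.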

--- End Message ---
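
The dmalloc report in the message above can be decoded mechanically to see how far the write ran past the allocation. The following is an added example, not part of the original report or of the asylum sources; it assumes the dump ends with the fence-top region, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Log text copied from the dmalloc report in this bug (escapes kept as text). */
const char FENCE_TOP[] = "i\\336\\312\\372";
const char DUMP[] = "\\022\\013\\'\\000\\022\\f\\'\\000\\022\\r\\'\\000"
                    "\\022\\016\\'\\000\\377\\336\\312\\372";

/* Decode dmalloc's escaped dump text (\NNN octal, \f, \r, \n, \t, \', \\,
   or a literal character) into raw bytes; returns the byte count. */
size_t unescape(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*s && n < cap) {
        if (*s != '\\' || s[1] == '\0') { out[n++] = (unsigned char)*s++; continue; }
        s++;                                    /* step over the backslash */
        if (*s >= '0' && *s <= '7') {           /* one to three octal digits */
            unsigned v = 0;
            for (int d = 0; d < 3 && *s >= '0' && *s <= '7'; d++)
                v = v * 8 + (unsigned)(*s++ - '0');
            out[n++] = (unsigned char)v;
        } else {
            char c = *s++;
            out[n++] = (unsigned char)(c == 'f' ? '\f' : c == 'r' ? '\r' :
                                       c == 'n' ? '\n' : c == 't' ? '\t' : c);
        }
    }
    return n;
}

/* Assumption: the dump ends with the fence-top region. Returns how far the
   write ran into the fence (index of the last differing byte + 1, 0 if the
   fence is intact), or -1 if the dump is shorter than the fence. */
int fence_overrun(const char *fence_esc, const char *dump_esc)
{
    unsigned char fence[16], dump[256];
    size_t fl = unescape(fence_esc, fence, sizeof fence);
    size_t dl = unescape(dump_esc, dump, sizeof dump);
    int extent = 0;
    if (fl == 0 || dl < fl) return -1;
    for (size_t i = 0; i < fl; i++)
        if (dump[dl - fl + i] != fence[i]) extent = (int)i + 1;
    return extent;
}

int main(void)
{
    printf("bytes written past the allocation: %d\n", fence_overrun(FENCE_TOP, DUMP));
    return 0;
}
```

Only the first fence byte differs ('i' became \377), which is the single byte by which the file.c hunk grows the allocation made at file.c:145.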
--- Begin Message ---
Source: asylum
Source-Version: 0.3.2-2

We believe that the bug you reported is fixed in the latest version of
asylum, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated asylum package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Nov 2015 20:50:18 +0100
Source: asylum
Binary: asylum asylum-data
Architecture: source
Version: 0.3.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
 asylum     - surreal platform shooting game
 asylum-data - surreal platform shooting game - data files
Closes: 785109
Changes:
 asylum (0.3.2-2) unstable; urgency=medium
 .
   * Team upload.
   * wrap-and-sort -sa.
   * Declare compliance with Debian Policy 3.9.6.
   * Use compat level 9 and require debhelper >= 9.
   * Switch to source format 3.0 (quilt).
   * Use canonical Vcs-URI.
   * asylum-data: Suggest asylum.
   * asylum.desktop: Add keywords and comment in German.
   * Convert debian/rules to dh sequencer. Add asylum.manpages file.
   * Fix buffer overruns and compiler warnings.
     Thanks to Johann Klammer for the report and Peter De Wachter for the
     patches. (Closes: #785109)
   * Add ${misc:Depends} to asylum-data.
   * Add clean file and remove pre-built asylum binary.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
