Package: xpat2
Version: 1.07-19
Severity: important
Tags: patch
Dear Maintainer,
Trying to save any game in xpat2 under Debian Jessie always triggers a crash
with the following message:
*** stack smashing detected ***: xpat2 terminated
A file corresponding to the game to save is created nonetheless, but this file
cannot be re-read by xpat2.
A quick investigation of this issue (thanks to valgrind) led me to the function
save_game in src/loadsave.c, where the "args" and "p" variables have a hardcoded
length of 24 and 4*24, while (at least) line 228 (calling internal_to_portable)
seems to expect them to have length NARGS and 4*NARGS. And NARGS is defined as 32
at the top of this file. Using NARGS instead of 24 in the definition of "args"
and "p" (see attached patch) seems to fix this issue: no more crash, and the
saved files can be re-read successfully by xpat2.
Best regards (and thanks for providing this great game)
Pierre L.
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages xpat2 depends on:
ii libc6 2.19-18+deb8u3
ii libx11-6 2:1.6.2-3
ii libxaw7 2:1.0.12-2+b1
ii libxmu6 2:1.1.2-1
ii libxpm4 1:3.5.11-1+b1
ii libxt6 1:1.1.4-1+b1
xpat2 recommends no packages.
xpat2 suggests no packages.
-- no debconf information
--- src/loadsave.c 2016-03-01 12:31:14.000000000 +0100
+++ src/loadsave.c.fixed 2016-03-01 12:32:06.757014851 +0100
@@ -157,11 +157,11 @@
void save_game(const char *file) {
FILE *fp;
- char buffer[32];
+ char buffer[BUFSIZE];
char filename[64]; /* must be 15 at least */
- long args[24];
+ long args[NARGS];
int i;
- unsigned char p[4 * 24];
+ unsigned char p[4 * NARGS];
if (!file) {
/* compute the filename to use */
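Review bot: the "char buffer[32]" to "char buffer[BUFSIZE]" change in this hunk is not covered by the report, which only describes resizing "args" and "p" to NARGS, and BUFSIZE is neither defined nor referenced anywhere else in the patch; either drop that line or say where BUFSIZE is defined and what its value is, because the hunk will not compile if loadsave.c has no such macro. Sizing "args" and "p" from NARGS does fix the mismatch with the call on line 228, but both sides still only agree by convention on a macro; passing the actual sizes to the callee ("sizeof args / sizeof args[0]" and "sizeof p") or checking them inside internal_to_portable would keep a later edit from reintroducing the same stack overflow.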
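The following is an added example, not xpat2's code or the reporter's patch. It models the mismatch described in the report (caller-side arrays sized 24 while the callee assumes NARGS = 32) and shows the shape of a fix that does not depend on both sides agreeing on a macro: the callee receives the buffer lengths and refuses to write past them. The names internal_to_portable and portable_to_internal follow the report; their signatures, the 4-byte big-endian encoding, and the sample values are assumptions made for the example.

```c
/* Added example modelling the xpat2 save_game size mismatch; not the
 * project's code. NARGS = 32 is the value the report states; the
 * encoding and the length-checked signatures are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NARGS 32          /* stated in the report */
#define LEGACY_ARGS 24    /* size the unpatched save_game used */

/* Serialize nargs longs as 4-byte big-endian values into p.
 * Returns 0 on success, -1 if p is too small for 4*nargs bytes or a value
 * does not fit in 32 bits. The explicit plen is what the buggy call lacked. */
int internal_to_portable(const long *args, size_t nargs,
                         unsigned char *p, size_t plen)
{
    if (plen < 4 * nargs)
        return -1;
    for (size_t i = 0; i < nargs; i++) {
        if (args[i] < INT32_MIN || args[i] > INT32_MAX)
            return -1;
        uint32_t v = (uint32_t)(int32_t)args[i];
        p[4 * i]     = (unsigned char)(v >> 24);
        p[4 * i + 1] = (unsigned char)(v >> 16);
        p[4 * i + 2] = (unsigned char)(v >> 8);
        p[4 * i + 3] = (unsigned char)v;
    }
    return 0;
}

/* Inverse of internal_to_portable with the same length check. */
int portable_to_internal(const unsigned char *p, size_t plen,
                         long *args, size_t nargs)
{
    if (plen < 4 * nargs)
        return -1;
    for (size_t i = 0; i < nargs; i++) {
        uint32_t v = ((uint32_t)p[4 * i] << 24) | ((uint32_t)p[4 * i + 1] << 16)
                   | ((uint32_t)p[4 * i + 2] << 8) | (uint32_t)p[4 * i + 3];
        int32_t s;
        memcpy(&s, &v, sizeof s);   /* reinterpret as signed without UB */
        args[i] = s;
    }
    return 0;
}

/* The unpatched shape: local arrays hold 24 entries, but the call site
 * asks for NARGS. With the length-checked API the callee refuses (-1)
 * instead of writing 32 bytes past the end of p and smashing the stack. */
int save_game_legacy_sizes(void)
{
    long args[LEGACY_ARGS];
    unsigned char p[4 * LEGACY_ARGS];
    memset(args, 0, sizeof args);
    return internal_to_portable(args, NARGS, p, sizeof p);
}

/* The patched shape: arrays sized from NARGS, and the lengths handed to the
 * callee derived with sizeof so they cannot drift apart again.
 * Returns 0 when the round trip reproduces the original values. */
int save_game_fixed_sizes(void)
{
    long args[NARGS];
    unsigned char p[4 * NARGS];
    long back[NARGS];
    for (size_t i = 0; i < NARGS; i++)
        args[i] = (long)i * 1000 - 5;   /* constructed sample values */
    if (internal_to_portable(args, sizeof args / sizeof args[0], p, sizeof p) != 0)
        return -1;
    if (portable_to_internal(p, sizeof p, back, sizeof back / sizeof back[0]) != 0)
        return -1;
    return memcmp(args, back, sizeof args) == 0 ? 0 : -2;
}
```

The legacy variant deliberately keeps the 24-entry arrays and the NARGS call to show that the overflow the report describes becomes a checked failure rather than a crash; the fixed variant is the shape the attached patch moves toward, with the sizes passed explicitly instead of assumed.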