tags 807425 + patch
thanks

On Wed, Dec 09, 2015 at 01:55:27AM +0800, Ying-Chun Liu (PaulLiu) wrote:
> Andrej Mernik wrote on 2015-12-09 at 01:18:
> > Package: gbatnav
> > Version: 1.0.4cvs20051004-5
> > Severity: important
> >
> > gbnclient keeps crashing when trying to play a game with a robot:
> >
> > gbnclient: Error in buscar_usr: usr=0
> > gbnrobot: robot 1: que_usrfrom: Error, aca no tendria que llegar
> > Segmentation fault
>
> There is a bug. Actually several bugs.

Actually, it's only one bug. According to the C standard and the glibc manual, the behavior of strncpy is undefined if strings overlap. So this worked by chance with older toolchain versions, most probably only on a certain set of architectures.

Attached is a patch which fixes the problem for me. I also noticed an (unrelated) buffer overflow, which is also addressed by the patch.

> But this bug is not a single bug.
> 1. gbnclient crashes.
> 2. gbnrobot sends weird board layout.
> 3. gbnserver non sync.

This happens because both buscar_usr and que_usrfrom perform consistency checks, but the program continues execution instead of exiting immediately with a proper error message.
Description: Fix crash when playing locally against a robot. Also fix buffer overflow in gbnserver. Bug-Debian: https://bugs.debian.org/807425 Author: Yavor Doganov <[email protected]> Forwarded: no Last-Update: 2018-09-20 --- --- gbatnav-1.0.4cvs20051004.orig/common/parser.c +++ gbatnav-1.0.4cvs20051004/common/parser.c @@ -85,7 +85,7 @@ p_in->status=TRUE; return FALSE; case PARSER_SEPARADOR: - strncpy(p_in->sig, &p_in->sig[k+1], sizeof(p_in->sig) ); + memmove(p_in->sig, &p_in->sig[k+1], sizeof(p_in->sig) ); p_in->status=TRUE; return TRUE; case PARSER_IGUAL: @@ -93,7 +93,7 @@ return FALSE; if(j==PARSER_IGUAL || j==PARSER_SEPARADOR ) k++; - strncpy(p_in->sig, &p_in->sig[k2+k+1],sizeof(p_in->sig) ); + memmove(p_in->sig, &p_in->sig[k2+k+1],sizeof(p_in->sig) ); if( j==PARSER_ERROR || j==PARSER_IGUAL ) return FALSE; p_in->status=TRUE; /* hasta aca todo fue bien leido */ --- gbatnav-1.0.4cvs20051004.orig/gbnserver/gbnserver.c +++ gbatnav-1.0.4cvs20051004/gbnserver/gbnserver.c @@ -366,7 +366,7 @@ */ void main_loop() { - usuario.sock = net_listen(NULL,usuario.port); + usuario.sock = net_listen(usuario.server_name,usuario.port); init_screen(); @@ -399,7 +399,7 @@ if( ! usuario.with_ggz) gnome_init_with_popt_table("gbnserver", BNVERSION, argc, argv, options,0, NULL); - gethostname(usuario.server_name,PROT_MAX_LEN); + gethostname(usuario.server_name,50); printf( "\n" BNVERSION"\n"
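Review bot: in the PARSER_SEPARADOR case of parser.c (@@ -85), the new memmove still copies sizeof(p_in->sig) bytes starting at &p_in->sig[k+1], so if sig is a fixed-size array (as the sizeof suggests) the call reads k+1 bytes past its end; switching to memmove fixes the overlap but not the length. The old strncpy stopped reading at the first NUL, memmove does not. Bound the copy by the bytes that remain, e.g. `memmove(p_in->sig, &p_in->sig[k+1], sizeof(p_in->sig) - (k+1));` followed by `p_in->sig[sizeof(p_in->sig) - (k+1)] = '\0';` (or derive the length from strlen) so the shifted string stays terminated.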
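Review bot: the second parser.c hunk (@@ -93) has the same over-read: the memmove source is &p_in->sig[k2+k+1] but the length is still sizeof(p_in->sig), so k2+k+1 bytes beyond the array are read on every separator. Use `sizeof(p_in->sig) - (k2+k+1)` as the length and terminate the result, as in the first hunk.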
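Review bot: the main_loop() change in gbnserver.c (@@ -366), replacing `net_listen(NULL,usuario.port)` with `net_listen(usuario.server_name,usuario.port)`, is not covered by the Description, which mentions only the robot crash and a buffer overflow, and it changes which address the server listens on. Either state in the Description why it belongs here or split it into its own patch. It also depends on usuario.server_name already being filled in by the gethostname() call in the @@ -399 hunk, so confirm main_loop() is only entered after that call.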
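Review bot: in the gethostname hunk (@@ -399), 50 is a magic number that will silently go stale if the server_name array is ever resized; prefer `gethostname(usuario.server_name, sizeof(usuario.server_name));`. gethostname() is also not required to NUL-terminate a name it truncates, so add `usuario.server_name[sizeof(usuario.server_name) - 1] = '\0';` right after the call before the name is passed on to net_listen().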

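As an added illustration, not part of the bug report or of the attached patch, here is the in-place "drop the bytes up to and including the separator" shift that parser.c performs, written with the overlap-safe memmove and a length bounded by what actually remains in the buffer. The buffer size SIG_LEN, the function names drop_prefix and next_field, and the sample input are all assumptions for this example; gbatnav's real field sizes are not shown on the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the real size of p_in->sig is not on the page. */
#define SIG_LEN 32

/* Length of a string that may fill the whole buffer without a NUL. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/*
 * Remove the first k+1 bytes of the string in buf (index k is the separator)
 * and shift the rest down to the start of the buffer, as parser.c does.
 *   - memmove, not strncpy: source and destination overlap, and strncpy on
 *     overlapping strings is undefined behaviour;
 *   - the length is the number of bytes that survive, never sizeof(buf),
 *     so nothing is read past the end of the array;
 *   - the result is always NUL-terminated.
 * Returns the new length, or -1 if k+1 is outside the buffer.
 */
int drop_prefix(char buf[], size_t bufsize, size_t k)
{
    size_t skip = k + 1;
    if (skip >= bufsize)
        return -1;
    size_t len = bounded_len(buf, bufsize);
    if (skip > len) {             /* separator index beyond the string */
        buf[0] = '\0';
        return 0;
    }
    size_t rest = len - skip;     /* bytes that remain after the separator */
    memmove(buf, buf + skip, rest);
    buf[rest] = '\0';
    return (int)rest;
}

/*
 * Copy the text before the first 'sep' into tok (at most toksize-1 bytes)
 * and drop it plus the separator from buf. Returns 1 if a separator was
 * found, 0 if not (buf is left untouched).
 */
int next_field(char buf[], size_t bufsize, char sep, char tok[], size_t toksize)
{
    size_t len = bounded_len(buf, bufsize);
    char *p = memchr(buf, sep, len);
    if (p == NULL)
        return 0;
    size_t k = (size_t)(p - buf);                 /* separator index */
    size_t n = k < toksize - 1 ? k : toksize - 1; /* truncate, don't overflow */
    memcpy(tok, buf, n);
    tok[n] = '\0';
    drop_prefix(buf, bufsize, k);
    return 1;
}

int main(void)
{
    /* Constructed sample line in the "key=value,value" style parser.c handles. */
    char line[SIG_LEN] = "cmd=arg1,arg2";
    char tok[SIG_LEN];
    while (next_field(line, sizeof line, ',', tok, sizeof tok))
        printf("field: %s (remaining: %s)\n", tok, line);
    printf("last field: %s\n", line);
    return 0;
}
```

The point of the bounded length is the same whichever direction the separator sits: a separator at the very end leaves an empty, terminated string, and an index past the buffer is rejected rather than turned into an out-of-bounds read.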
