Package: meritous
Version: 1.2-1
Severity: important
Tags: patch,upstream

Meritous segfaults when trying to draw the first boss monster. The attached patch fixes the problem. It's a buffer overflow. tail_x[i+1] is written to with i == 9, but tail_x only has 10 elements (tail_y as well, but tail_x is what overwrites boss_spr, at least on my machine).
Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text in the message body, not as HTML and definitely not as MS Word. Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
--- src/boss.c.orig 2008-02-10 12:28:41.000000000 +0100
+++ src/boss.c 2008-02-10 12:28:44.000000000 +0100
@@ -691,7 +691,7 @@ void DrawBoss()
} else {
if (dist(tail_x[0], tail_y[0], boss_x, boss_y) >= 24) {
if (boss_tail_len < 10) boss_tail_len++;
- for (i = 9; i >= 0; i--) {
+ for (i = 8; i >= 0; i--) {
tail_x[i+1] = tail_x[i];
tail_y[i+1] = tail_y[i];
}
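Review bot: Starting the shift at i = 8 is the correct bound for a 10-element tail_x/tail_y, since the loop body writes index i+1 and the old start of 9 wrote one past the end. The same literal 10 appears in the `if (boss_tail_len < 10)` guard two lines above, so consider naming the tail length once (a `#define` or `sizeof(tail_x)/sizeof(tail_x[0])`) and writing the loop as `for (i = TAIL_LEN - 2; i >= 0; i--)` so the guard and the loop bound cannot drift apart again. The hunk does not show where tail_x[0]/tail_y[0] receive the new head position after the shift; worth confirming that write is the only remaining store into these arrays.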
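The off-by-one above is the classic shift-loop overrun: each iteration stores at index i+1, so the loop must start at length-2, not length-1. The following is an added example, not code from meritous or from the bug report; TAIL_LEN, struct boss_tail, tail_push and shift_start_in_bounds are names chosen here, and the assumption that the new head position is stored at index 0 after the shift is mine, since the hunk does not show that write. It derives the loop bound from the array size so the guard and the loop share one source of truth, and includes a small predicate that rejects the unpatched start index.

```c
#include <stddef.h>
#include <string.h>

/* Assumed tail length, mirroring the literal 10 used in the patched loop. */
#define TAIL_LEN 10

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical container for the tail; the game keeps these as globals. */
struct boss_tail {
    int x[TAIL_LEN];
    int y[TAIL_LEN];
    int len;  /* number of valid entries, 0..TAIL_LEN */
};

/* Returns 1 when a shift loop that starts at `start` and stores into
 * index start+1 stays inside an array of `n` elements, 0 otherwise.
 * The unpatched loop used start == 9 with n == 10, which this rejects;
 * the patched start of 8 is accepted. */
int shift_start_in_bounds(int start, size_t n) {
    return start >= 0 && (size_t)start + 1 < n;
}

void tail_init(struct boss_tail *t) {
    memset(t, 0, sizeof *t);
}

/* Push a new head position, shifting older entries toward the end and
 * dropping the oldest once the tail is full. The loop bound is computed
 * from the array size rather than hard-coded, so the `len < n` guard and
 * the shift can never disagree about how many slots exist. */
void tail_push(struct boss_tail *t, int x, int y) {
    size_t n = ARRAY_LEN(t->x);
    if (t->len < (int)n) t->len++;
    for (int i = (int)n - 2; i >= 0; i--) {   /* last store is index n-1 */
        t->x[i + 1] = t->x[i];
        t->y[i + 1] = t->y[i];
    }
    t->x[0] = x;  /* assumed: new head goes in slot 0 after the shift */
    t->y[0] = y;
}
```

Compiling the real game with `-fsanitize=address` would have flagged the original write at tail_x[10] on the first boss draw; the predicate here is the same check expressed as a unit-testable function.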

