Package: meritous
Version: 1.2-1
Severity: important
Tags: patch,upstream

Meritous segfaults when trying to draw the first boss monster.  The
attached patch fixes the problem.  It's a buffer overflow.  tail_x[i+1]
is written to with i == 9, but tail_x only has 10 elements (tail_y as
well, but tail_x is what overwrites boss_spr, at least on my machine).

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
--- src/boss.c.orig	2008-02-10 12:28:41.000000000 +0100
+++ src/boss.c	2008-02-10 12:28:44.000000000 +0100
@@ -691,7 +691,7 @@ void DrawBoss()
 			} else {
 				if (dist(tail_x[0], tail_y[0], boss_x, boss_y) >= 24) {
 					if (boss_tail_len < 10) boss_tail_len++;
-					for (i = 9; i >= 0; i--) {
+					for (i = 8; i >= 0; i--) {
 						tail_x[i+1] = tail_x[i];
 						tail_y[i+1] = tail_y[i];
 					}
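Review bot: The new bound in `for (i = 8; i >= 0; i--)` is a bare literal that has to stay in step with the size of tail_x and tail_y and with the 10 in `if (boss_tail_len < 10)`, and nothing in the hunk ties the three together. With the bound at 8 the highest write is tail_x[i+1] with i == 8, that is index 9, which is the last valid slot of the 10-element arrays described in the report, so the fix is correct as long as the declarations stay at 10. Consider deriving the bound from the array itself, for example starting the loop at sizeof(tail_x)/sizeof(tail_x[0]) - 2, or introducing one named constant for the tail length and using it in the declaration, the boss_tail_len check and this loop, so a later change to the tail length cannot reintroduce the out-of-bounds write.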
