<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40486 >

Good daytime!

S2_2, r15205.
Loading game crashes civserver with buffer overflow.

Reason: too small buffer in player_load_vision()

Attached patch works for me, though I guess we need something like
fc_s[n]printf().

PS. I'm having trouble with my internet connection, so I may be
unreachable for a while.

-- 
Thanks, evyscr

Index: server/savegame.c
===================================================================
--- server/savegame.c	(revision 15206)
+++ server/savegame.c	(working copy)
@@ -3018,9 +3018,9 @@
       zeroline[i]= '\0';
 
       bases_halfbyte_iterate(j) {
-        char buf[16]; /* enough for sprintf() below */
+        char buf[32]; /* should be enough for snprintf() below */
 
-        sprintf(buf, "player%d.map_b%02d_%%03d", plrno, j);
+        snprintf(buf, sizeof(buf), "player%d.map_b%02d_%%03d", plrno, j);
 
         LOAD_MAP_DATA(ch, nat_y, ptile,
                       secfile_lookup_str_default(file, zeroline, buf, nat_y),
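
Review bot: The return value of the new snprintf() call is discarded, so a key longer than sizeof(buf) would be silently truncated and secfile_lookup_str_default() would be asked for the wrong entry, presumably returning the zeroline default with no sign that the name was cut. Check the result, for example `if (snprintf(buf, sizeof(buf), ...) >= (int) sizeof(buf))`, and fail the load or log it. The size 32 is also stated as a guess ("should be enough"): with a one-digit plrno the output "playerN.map_bNN_%03d" already needs 21 bytes including the terminator, which is why buf[16] overflowed, so the comment should state the bound the size is derived from rather than hedge.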
_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
