URL:
  <http://gna.org/bugs/?20680>

                 Summary: Client crash on contacting metaserver, dependent on
latest version advertised by metaserver
                 Project: Freeciv
            Submitted by: jtn
            Submitted on: Fri Mar 29 12:04:04 2013
                Category: client
                Severity: 5 - Blocker
                Priority: 5 - Normal
                  Status: In Progress
             Assigned to: cazfi
        Originator Email: 
             Open/Closed: Open
                 Release: 2.4.0-beta1
         Discussion Lock: Any
        Operating System: GNU/Linux
         Planned Release: 2.4.0-beta2, 2.5.0

    _______________________________________________________

Details:

Noticed my S2_4 client segfaulting shortly after choosing "Connect to Network
Game".

Turns out the version comparison (cvercmp) against what is advertised as
latest from the metaserver has a couple of bugs:
- In cvercmp_next_subtoken(), there's no check for '\0'. In the case of a
string ending in a non-digit (such as "2.4.0-beta1+"), we'll go off the end of
the array and probably segfault (unless we happen to find a digit in random
memory);
- This is masked/compounded by another bug: in cvercmp_ver_subtokenize(),
there's a spurious +1 causing subtokens to be missed. So in "beta1+", the "1"
is skipped and we hit "+", triggering the previous bug; and when comparing
"beta1" and "beta2", we'll skip over the digits and start at '\0', which is a
non-digit and will also trigger the previous bug.
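The two defects above, shown as an added illustration rather than the cvercmp code itself: a hypothetical subtokenizer that splits a version string into alternating digit/non-digit runs, testing for '\0' before every character and never skipping the first character of the next run, with a simplified comparator over those runs (function names and the numeric-vs-lexical ordering are assumptions, not cvercmp's actual rules).

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative reimplementation, not the cvercmp code from cazfi.net. */
#define MAX_SUB 16
#define SUB_LEN 32

/* Split a version string into alternating runs of digits and non-digits,
 * e.g. "beta1+" -> {"beta", "1", "+"}. '\0' is tested before a character
 * is classified, so a trailing '+' ends the scan instead of overrunning. */
static int subtokenize(const char *s, char out[MAX_SUB][SUB_LEN])
{
  int n = 0;
  while (*s != '\0' && n < MAX_SUB) {
    int digit = isdigit((unsigned char)*s) != 0;
    int len = 0;
    /* Consume one run; no +1 skip afterwards, so the "1" of "beta1" starts
     * the next run rather than being dropped. */
    while (*s != '\0' && (isdigit((unsigned char)*s) != 0) == digit
           && len < SUB_LEN - 1) {
      out[n][len++] = *s++;
    }
    out[n][len] = '\0';
    n++;
  }
  return n;
}

/* Digit runs compare numerically, anything else lexically. */
static int subtoken_cmp(const char *a, const char *b)
{
  if (isdigit((unsigned char)a[0]) && isdigit((unsigned char)b[0])) {
    long la = strtol(a, NULL, 10), lb = strtol(b, NULL, 10);
    return (la > lb) - (la < lb);
  }
  return strcmp(a, b);
}

/* strcmp-style result; with an equal run prefix the shorter string sorts first. */
int subver_cmp(const char *a, const char *b)
{
  char ta[MAX_SUB][SUB_LEN], tb[MAX_SUB][SUB_LEN];
  int na = subtokenize(a, ta), nb = subtokenize(b, tb), i;
  for (i = 0; i < na && i < nb; i++) {
    int c = subtoken_cmp(ta[i], tb[i]);
    if (c != 0) return c;
  }
  return (na > nb) - (na < nb);
}
```

With the '\0' test in place, "2.4.0-beta1+" tokenizes cleanly, and "beta1" versus "beta2" reaches the digit runs instead of starting at the terminator.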

I think we've been getting away with it in 2.4.0-beta1 because the metaserver
and local strings compare equal before we do this check. So far I think only
people running development code from svn are affected. (Not sure why it hasn't
bitten me before now, to be honest.)

Unfortunately I think this will cause crashes in existing beta1 installations
when we release 2.4.0-beta2 and update the metaserver. I don't think there's
anything to be done about that, other than advise people to upgrade.

Assigning to cazfi initially as the fix will also want pushing to his cvercmp
upstream <http://www.cazfi.net/other/cvercmp.html> and I guess he'll want to
handle pulling the new version into Freeciv; however, I will commit this
directly to Freeciv soon if it stalls.

_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev