URL: <http://gna.org/bugs/?20680>
Summary: Client crash on contacting metaserver, dependent on latest version advertised by metaserver
Project: Freeciv
Submitted by: jtn
Submitted on: Fri Mar 29 12:04:04 2013
Category: client
Severity: 5 - Blocker
Priority: 5 - Normal
Status: In Progress
Assigned to: cazfi
Originator Email:
Open/Closed: Open
Release: 2.4.0-beta1
Discussion Lock: Any
Operating System: GNU/Linux
Planned Release: 2.4.0-beta2, 2.5.0

_______________________________________________________

Details:

Noticed my S2_4 client segfaulting shortly after choosing "Connect to Network Game". Turns out the version comparison (cvercmp) against what is advertised as latest from the metaserver has a couple of bugs:

* In cvercmp_next_subtoken(), there's no check for '\0'. In the case of a string ending in a non-digit (such as "2.4.0-beta1+"), we'll go off the end of the array and probably segfault (unless we happen to find a digit in random memory);
* This is masked/compounded by another bug: in cvercmp_ver_subtokenize(), there's a spurious +1 causing subtokens to be missed. So in "beta1+", the "1" is skipped and we hit "+", triggering the previous bug; and when comparing "beta1" and "beta2", we'll skip over the digits and start at '\0', which is a non-digit and will also trigger the previous bug.

I think we've been getting away with it in 2.4.0-beta1 because the metaserver and local strings compare equal before we do this check. So far I think only people running development code from svn are affected. (Not sure why it hasn't bitten me before now, to be honest.)

Unfortunately I think this will cause crashes in existing beta1 installations when we release 2.4.0-beta2 and update the metaserver. I don't think there's anything to be done about that, other than advise people to upgrade.

Assigning to cazfi initially as the fix will also want pushing to his cvercmp upstream <http://www.cazfi.net/other/cvercmp.html> and I guess he'll want to handle pulling the new version into Freeciv; however, I will commit this directly to Freeciv soon if it stalls.
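
The two defects described in the report (a subtoken scan with no '\0' check, and a cursor that advances one byte too far) are illustrated below in corrected form. This is an added example, not part of the original report and not cvercmp's or Freeciv's code; the function names and the simplified comparison order are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not cvercmp's code: length of the run of digits or
 * non-digits at s. Stops at '\0', unlike a bare `while (!isdigit(*p)) p++;`. */
static size_t subtoken_len(const char *s)
{
    size_t n = 0;
    int digits = isdigit((unsigned char)s[0]) != 0;
    while (s[n] != '\0' && (isdigit((unsigned char)s[n]) != 0) == digits)
        n++;
    return n;
}

/* Split one token into subtokens, storing at most max of them. The cursor
 * advances by exactly the subtoken length (no extra +1), so no run is skipped. */
size_t subtokenize(const char *token, const char *starts[], size_t lens[], size_t max)
{
    size_t count = 0;
    while (*token != '\0' && count < max) {
        starts[count] = token;
        lens[count] = subtoken_len(token);
        token += lens[count++];
    }
    return count;
}

/* Simplified ordering (an assumption, not cvercmp's rules): digit runs
 * compare by value, other runs bytewise, and a longer token sorts later. */
int token_cmp(const char *a, const char *b)
{
    while (*a != '\0' && *b != '\0') {
        size_t la = subtoken_len(a), lb = subtoken_len(b);
        int r;
        if (isdigit((unsigned char)*a) && isdigit((unsigned char)*b)) {
            unsigned long va = strtoul(a, NULL, 10), vb = strtoul(b, NULL, 10);
            r = (va > vb) - (va < vb);
        } else {
            r = memcmp(a, b, la < lb ? la : lb);
            if (r == 0)
                r = (la > lb) - (la < lb);
        }
        if (r != 0)
            return r;
        a += la;
        b += lb;
    }
    return (*a != '\0') - (*b != '\0');
}
```

Running such a comparison under AddressSanitizer with inputs that end in a non-digit ("beta1+") and inputs that differ only in a trailing digit ("beta1" vs "beta2") covers both cases named in the report.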