I know this is already "done" now, but anyway...

On Thu, May 20, 2010 at 2:02 PM, |ALPHA| Mad Professor <[email protected]> wrote:
> So it seems that the "buffer exploit" that's running around UrT
> servers is related to the QVM, at least from what I can tell that's
> where it segfaults for the x86 QVM (using the interpreted QVM I get
> "VM program counter out of range in OP_LEAVE" instead, still a crash).

With QVM debugging, these are the last few things it spits out before crashing:

-----CUT-----
0---> systemcall(102)
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
0---> NO SYMBOLS
1<--- NO SYMBOLS
1---> NO SYMBOLS
2<--- NO SYMBOLS
0---> NO SYMBOLS
1---> NO SYMBOLS
2<--- NO SYMBOLS
1---> NO SYMBOLS
2<--- NO SYMBOLS
1---> NO SYMBOLS
2<--- NO SYMBOLS
1---> NO SYMBOLS
2<--- NO SYMBOLS
1---> NO SYMBOLS
2<--- NO SYMBOLS
0---> NO SYMBOLS
1<--- NO SYMBOLS
0---> NO SYMBOLS
1---> NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2---> systemcall(26)
3<--- NO SYMBOLS
2<--- NO SYMBOLS
0---> NO SYMBOLS
1---> NO SYMBOLS
1---> NO SYMBOLS
2---> NO SYMBOLS
3<--- NO SYMBOLS
2<--- NO SYMBOLS
2<--- NO SYMBOLS
0---> NO SYMBOLS
0---> systemcall(102)
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
0---> NO SYMBOLS
1<--- NO SYMBOLS
1<--- NO SYMBOLS
1---> NO SYMBOLS
********************
ERROR: OP_LOAD4 misaligned
********************
----- Server Shutdown (Server crashed: OP_LOAD4 misaligned) -----
Sending heartbeat to master.urbanterror.net
Sending heartbeat to master.quake3arena.com
Sending heartbeat to master.qtracker.com
Sending heartbeat to master.urbanterror.net
Sending heartbeat to master.quake3arena.com
Sending heartbeat to master.qtracker.com
VM_Call( 1 )
0---> NO SYMBOLS
0---> NO SYMBOLS
0---> NO SYMBOLS
0---> NO SYMBOLS
1<--- NO SYMBOLS
0---> systemcall(0)
==== ShutdownGame ====
1<--- NO SYMBOLS
1<--- NO SYMBOLS
0---> NO SYMBOLS
0---> NO SYMBOLS
recursive error after: OP_LOAD4 misaligned

Program exited with code 03.
(gdb)
-----CUT-----

I agree that in the vm_x86 case the result of the exploit is a buffer overflow somewhere, but in the vm_interpreted case I found it surprising to get a completely different kind of "error" from the UrT game code. Probably more of a curious find than anything else.

> This brings up the following question: Is the QVM designed to be safe
> or not?

Nobody said anything about this, but I'd assume that safety is not a concern for QVM. :-D

-- 
|ALPHA| Mad Professor <[email protected]>
http://www.urtalphaclan.com/ <><><> Home of El Guapo!

_______________________________________________
ioquake3 mailing list
[email protected]
http://lists.ioquake.org/listinfo.cgi/ioquake3-ioquake.org
By sending this message I agree to love ioquake3 and libsdl.
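The post observes that the same bad input segfaults the native x86 QVM but produces "OP_LOAD4 misaligned" and "VM program counter out of range in OP_LEAVE" under the interpreter. The difference is whether each guest memory access and each return address is checked before the host acts on it. The C model below is an added example, not ioquake3's vm_interpreted.c: the names (`vm_load4_checked`, `vm_pc_in_range`, the `demo_*` helpers), the 1 KiB segment size and the sample word at guest address 8 are all assumptions constructed for the demo. It shows an alignment check and a mask that confines every guest address to the data segment, plus a program-counter range check of the kind that turns a silent out-of-bounds read into a reportable VM error.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative model (not ioquake3's code) of the checks an interpreting VM
 * can apply before touching host memory on behalf of guest bytecode.
 * VM_DATA_SIZE is an assumed demo value; it must be a power of two so that
 * masking confines any 32-bit guest address to the segment.
 */
#define VM_DATA_SIZE 1024u
#define VM_DATA_MASK (VM_DATA_SIZE - 1u)

typedef enum {
    LOAD_OK = 0,
    LOAD_MISALIGNED    /* guest address is not a multiple of 4 */
} load_status;

typedef struct {
    uint8_t  data[VM_DATA_SIZE]; /* guest data segment */
    uint32_t code_len;           /* number of guest instructions */
} vm_t;

/* A checked 4-byte load: refuse misaligned addresses, then mask the address
 * so the resulting host pointer can never leave vm->data. A native backend
 * that dereferences the raw guest address instead reads whatever lies there
 * in the host process, which is where a segfault or foreign-memory read
 * comes from. */
load_status vm_load4_checked(const vm_t *vm, uint32_t addr, int32_t *out)
{
    if (addr & 3u)
        return LOAD_MISALIGNED;
    addr &= VM_DATA_MASK;
    memcpy(out, &vm->data[addr], sizeof *out); /* memcpy: no host alignment UB */
    return LOAD_OK;
}

/* Return-address check at the end of a guest function: a program counter
 * popped from guest memory is only usable if it indexes an instruction. */
int vm_pc_in_range(const vm_t *vm, uint32_t pc)
{
    return pc < vm->code_len;
}

/* ---- constructed demo state shared by the stand-alone run and the tests ---- */

static vm_t demo_vm;
static int  demo_ready = 0;

static vm_t *demo(void)
{
    if (!demo_ready) {
        memset(&demo_vm, 0, sizeof demo_vm);
        int32_t word = 0x11223344;             /* constructed sample word */
        memcpy(&demo_vm.data[8], &word, sizeof word);
        demo_vm.code_len = 100;                /* constructed: 100 instructions */
        demo_ready = 1;
    }
    return &demo_vm;
}

/* Status of a checked load at a guest address in the demo VM. */
load_status demo_load4_status(uint32_t addr)
{
    int32_t v;
    return vm_load4_checked(demo(), addr, &v);
}

/* Value read by a checked load, or 0 when the load is refused. */
int32_t demo_load4_value(uint32_t addr)
{
    int32_t v = 0;
    if (vm_load4_checked(demo(), addr, &v) != LOAD_OK)
        return 0;
    return v;
}

int demo_pc_ok(uint32_t pc) { return vm_pc_in_range(demo(), pc); }

int main(void)
{
    /* Aligned, in-range load returns the constructed word. */
    printf("load4(8)    -> status %d value 0x%08x\n",
           demo_load4_status(8), (unsigned)demo_load4_value(8));
    /* Misaligned address is refused before any host memory is read. */
    printf("load4(9)    -> status %d (1 = misaligned)\n", demo_load4_status(9));
    /* Address beyond the segment wraps back inside it instead of escaping. */
    printf("load4(%u) -> status %d value 0x%08x\n", VM_DATA_SIZE + 8,
           demo_load4_status(VM_DATA_SIZE + 8),
           (unsigned)demo_load4_value(VM_DATA_SIZE + 8));
    /* A return address past the code segment is caught, not executed. */
    printf("pc 99 ok=%d, pc 100 ok=%d\n", demo_pc_ok(99), demo_pc_ok(100));
    return 0;
}
```

Masking (rather than comparing and erroring) is the cheaper choice on the hot path and is enough to keep a guest inside its own segment; the alignment and program-counter checks are what surface a corrupted pointer as a diagnosable error rather than a crash in unrelated host code.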
