Solène Rapenne <[email protected]> writes:
> There is a bug in games/slash which can be annoying, I'm using -current
> at the moment of this mail. When you start the game and you want to
> choose your character, whatever you pick, the game ends with abort trap
> like this (where I pick A) =>
>
>> An Archeologist, a Barbarian, a Caveman, [..], or a Wizard?
>> [A,B,C,D,E,F,G,H,I,K,L,M,N,P,R,S,T,U,V,W, or Q] AAbort trap
>
> This does not simply stop the game (no process alive), it creates a
> file named {a,b,c,d}lock.0 in the game dir. Once you reach a 4th game
> lock, the game will tell you "Too many hacks running now." and
> you can't play until you remove the .0 files.
It's a stack buffer overflow: the problem is that a 128-byte buffer is used to build a string that spans the terminal width. The crash doesn't trigger with a small terminal here, nor with the following patch. 1024 columns ought to be enough for anybody.

Index: Makefile =================================================================== RCS file: /d/cvs/ports/games/slash/Makefile,v retrieving revision 1.46 diff -u -p -r1.46 Makefile --- Makefile 31 Mar 2015 09:44:48 -0000 1.46 +++ Makefile 24 Nov 2016 00:28:18 -0000 @@ -4,7 +4,7 @@ COMMENT = dungeon explorin', hackin' gam DISTNAME = slash-e8 PKGNAME = slash-3.2.2.e8 -REVISION = 4 +REVISION = 5 CATEGORIES = games MASTER_SITES = ftp://ftp.nethack.org/pub/nethack/oldver/3.2.2/src/ \ Index: patches/patch-include_global_h =================================================================== RCS file: patches/patch-include_global_h diff -N patches/patch-include_global_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-include_global_h 24 Nov 2016 02:51:17 -0000 @@ -0,0 +1,16 @@ +$OpenBSD$ + +Bump QBUFSZ to cope for large terminals and avoid stack buffer +overflows. + +--- include/global.h.orig Thu Nov 24 03:49:47 2016 ++++ include/global.h Thu Nov 24 03:50:14 2016 +@@ -297,7 +297,7 @@ struct version_info { + #define DOORMAX 120 /* max number of doors per level */ + + #define BUFSZ 256 /* for getlin buffers */ +-#define QBUFSZ 128 /* for building question text */ ++#define QBUFSZ 1024 /* for building question text */ + + #define PL_NSIZ 32 /* name of player, ghost, shopkeeper */ + #define PL_CSIZ 32 /* sizeof pl_character */

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
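Review bot: in the patch-include_global_h hunk, raising QBUFSZ from 128 to 1024 moves the overflow threshold but does not remove the overflow: by the reply's own description the string is sized by the terminal width, so a terminal wider than the new buffer still writes past it. Suggest pairing the bump with a bounded write at the site that builds the question text (snprintf into the QBUFSZ buffer, or clamping the width to QBUFSZ - 1 before formatting) so the cause is fixed rather than the symptom, and noting that choice in the patch header. Minor wording in the header: "cope for large terminals" reads better as "cope with large terminals". The REVISION bump in the Makefile hunk is the right companion change for a new patch file.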
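The bug shape jca describes, as an added example that is not code from games/slash or the OpenBSD port: a prompt is padded out to the terminal width into a fixed stack buffer, so any width at or above the buffer size overflows it, and enlarging the buffer only moves the threshold. The QBUFSZ values are the ones from the patch; the "prompt padded to cols" format, the sample prompt and every function name here are assumptions. `would_overflow` does the size arithmetic instead of the write so it reports the overflow without corrupting the stack, and `build_question` shows the bounded form with a truncation check.

```c
#include <stdio.h>
#include <string.h>

/* Added example modelling the games/slash bug from the thread; not code from
 * slash or the OpenBSD port. The QBUFSZ values come from the patch; the
 * "prompt padded to the terminal width" format and all names are assumptions. */

#define QBUFSZ_OLD 128   /* QBUFSZ before the patch */
#define QBUFSZ_NEW 1024  /* QBUFSZ after the patch */

/* Length (without the NUL) of `prompt` left-justified and padded with
 * spaces to `cols` columns, i.e. what "%-*s" with width cols produces. */
size_t padded_len(const char *prompt, int cols)
{
    size_t n = strlen(prompt);
    if (cols < 0)
        cols = 0;
    return (size_t)cols > n ? (size_t)cols : n;
}

/* The vulnerable pattern is
 *     char buf[QBUFSZ];
 *     sprintf(buf, "%-*s", cols, prompt);   // cols taken from the terminal
 * which writes padded_len()+1 bytes regardless of sizeof buf. This helper
 * does the arithmetic instead of the write, so it reports the overflow
 * without touching the stack. Returns 1 if the write would not fit. */
int would_overflow(const char *prompt, int cols, size_t bufsz)
{
    return padded_len(prompt, cols) + 1 > bufsz;   /* +1 for the NUL */
}

/* Hardened builder: snprintf bounds the write to dstsz, and its return value
 * tells the caller whether the text was cut. Returns 1 if truncated, 0 if it fit. */
int build_question(char *dst, size_t dstsz, const char *prompt, int cols)
{
    if (cols < 0)
        cols = 0;
    int n = snprintf(dst, dstsz, "%-*s", cols, prompt);
    return n < 0 || (size_t)n >= dstsz;
}

int main(void)
{
    /* Constructed prompt, shaped like the role-selection line in the report. */
    const char *prompt = "[A,B,C,D,E,F,G,H,I,K,L,M,N,P,R,S,T,U,V,W, or Q] ";
    int widths[] = { 80, 200, 2000 };
    char buf[QBUFSZ_OLD];

    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        int cols = widths[i];
        printf("%4d columns: QBUFSZ=128 %s, QBUFSZ=1024 %s\n", cols,
               would_overflow(prompt, cols, QBUFSZ_OLD) ? "overflows" : "fits",
               would_overflow(prompt, cols, QBUFSZ_NEW) ? "overflows" : "fits");
        if (build_question(buf, sizeof buf, prompt, cols))
            printf("             snprintf truncated the text to %zu bytes\n",
                   strlen(buf));
    }
    return 0;
}
```

The 2000-column row is the point of the example: with QBUFSZ at 1024 the unchecked write still overflows, while the snprintf form keeps the write inside the buffer and lets the caller notice the truncation and, for instance, drop the padding.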
