[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

2016-10-20 Thread Daniel 
Update of bug #25204 (project wesnoth):

  Status:  Ready For Test => Fixed  


___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

2016-10-20 Thread Matthias Krüger 
Follow-up Comment #2, bug #25204 (project wesnoth):

Looks good.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #24937] Problems with loading/deleting file names with spaces

2016-10-20 Thread Daniel 
Follow-up Comment #6, bug #24937 (project wesnoth):

As i said in some other thea my earler post here about "The is most likeley
caused by out use of std::strftime" went accidnetly here and belonged to
another issue.


The problem here is that our ui code translated spaces to underscores, so that
when you type 'a b' in the savegame dialog the generated filename is actually
'a_b', a similar code is also in the loadgame dialog.

___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25081] memleaks in tutorial start

2016-10-20 Thread Daniel 
Update of bug #25081 (project wesnoth):

  Status:None => Ready For Test 


___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

2016-10-20 Thread Daniel 
Update of bug #25204 (project wesnoth):

  Status:None => Ready For Test 

___

Follow-up Comment #1:

https://github.com/wesnoth/wesnoth/commit/00e008df5d59bb87fb482bf60915b107ffc7446a

___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

2016-10-20 Thread Ignacio R. Morelle 
Update of bug #24502 (project wesnoth):

  Status:Works For Me => Fixed  
 Assigned to:None => shadowmaster   
 Open/Closed:  Closed => Open   

___

Follow-up Comment #5:

I must've fixed this back in August when trying to fix a related compiler
warning
.

Opening again per policy since this bug fix hasn't been released yet (it'll be
in 1.13.6).

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25080] UB in map resize window

2016-10-20 Thread Wedge009 
Follow-up Comment #3, bug #25080 (project wesnoth):

I was wondering about that. expand_direction_ is defined as a
EXPAND_DIRECTION& and I'm not quite sure what the intention was behind that.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25079] UB in font code

2016-10-20 Thread Wedge009 
Update of bug #25079 (project wesnoth):

  Status: Invalid => None   
 Open/Closed:  Closed => Open   

___

Follow-up Comment #5:

Oh, right. I'll have another look later, then.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

2016-10-20 Thread Daniel 
Update of bug #25089 (project wesnoth):

  Status:  Ready For Test => Fixed  


___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

2016-10-20 Thread Matthias Krüger 
Follow-up Comment #4, bug #25089 (project wesnoth):

I could not longer reproduce; resizing seems to work now.

Here and there the editor still crashed due to invalid terrain being accessed
but this is a different issue (  https://gna.org/bugs/index.php?25161 ).



___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

2016-10-20 Thread Daniel 
Update of bug #25089 (project wesnoth):

  Status:None => Ready For Test 

___

Follow-up Comment #3:

https://github.com/wesnoth/wesnoth/commit/7b44cee405f1cbbcf5515f6fee1540b55c48dd36

___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25080] UB in map resize window

2016-10-20 Thread Daniel 
Follow-up Comment #2, bug #25080 (project wesnoth):

Line 162 that is meantioned in the log points to "&&
static_cast(expand_direction_) != i" so it'S likeley that error is that
expand_direction_ is not a valid EXPAND_DIRECTION.

___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25079] UB in font code

2016-10-20 Thread Daniel 
Follow-up Comment #4, bug #25079 (project wesnoth):

Afaik shifting out of range on signed types (unlike unsigned types) is indeed
UB accortudin to the standart, maybe we could fix this by using unsigned types
here.

___

Reply to this item at:

  

___
  Nachricht gesendet von/durch Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

2016-10-20 Thread Wedge009 
Follow-up Comment #2, bug #25089 (project wesnoth):

Whoops, sorry, was looking at the wrong part of the log.


void editor_map::expand_right(int count, const t_translation::t_terrain &
filler)
{
t_translation::t_map tiles_new(tiles_.w + count, tiles_.h);
w_ += count;
for (int x = 0, x_end = tiles_.w; x != x_end; ++x) {
for (int y = 0, y_end = tiles_.h; y != y_end; ++y) {
tiles_new.get(x, y) = tiles_.get(x, y);
}
}
for (int x = tiles_.w, x_end = tiles_.w + count; x != x_end; ++x) {
for (int y = 0, y_end = tiles_.h; y != y_end; ++y) {
tiles_new.get(x, y) = filler == 
t_translation::NONE_TERRAIN ?
tiles_.get(count - 1, y) : filler;
}
}
tiles_ = tiles_new;
}


I suppose it's possible for something to go out of bounds here, but I really
can't really see what's going on and I didn't find anything obviously bad
while debugging.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25161] editor generates invalid map, crash while loading (expand map)

2016-10-20 Thread Wedge009 
Update of bug #25161 (project wesnoth):

 Release: git => 1.13.5+dev 

___

Follow-up Comment #1:

I think when I looked at this previously I was not able to get the crash. I
did find that the maps couldn't be loaded due to the 'illegal tile', though.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25112] ai vs ai game, experimental AI recruits nothing, humans recruit drakes, SNAFU

2016-10-20 Thread Wedge009 
Follow-up Comment #2, bug #25112 (project wesnoth):

Any luck replicating this issue?

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25111] tutorial: getting stuck sometimes, have to undo turn or reload

2016-10-20 Thread Wedge009 
Follow-up Comment #5, bug #25111 (project wesnoth):

Sort of reported in bug #21940 as well.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

2016-10-20 Thread Wedge009 
Update of bug #25089 (project wesnoth):

 Release: git => 1.13.5+dev 

___

Follow-up Comment #1:

This looks like the same as bug #25079 and bug #25080.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25079] UB in font code

2016-10-20 Thread Wedge009 
Update of bug #25079 (project wesnoth):

  Status:None => Invalid
 Open/Closed:Open => Closed 
 Release: git => 1.13.5+dev 

___

Follow-up Comment #3:


void text_surface::hash()
{
int h = 0;
for(const char c : str_) {
h = ((h << 9) | (h >> (sizeof(int) * 8 - 9))) ^ (c);
}
hash_ = h;
}


Seems okay to me, though I'm no expert in hashing functions.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25080] UB in map resize window

2016-10-20 Thread Wedge009 
Update of bug #25080 (project wesnoth):

 Release: git => 1.13.5+dev 

___

Follow-up Comment #1:

The code hasn't changed since this was first reported:


for(int i = 0; i < 9; ++i) {
if(direction_buttons_[i]->get_value()
   && static_cast(expand_direction_) != i) {
expand_direction_ = static_cast(i);
break;
}
}


Within the loop, i should only ever be 0 to 8 inclusive. EXPAND_DIRECTION is
an enumeration defined as integers from 0 to 8 inclusive. So I'm really
curious as to how i became 11273260 when it's cast to EXPAND_DIRECTION. :S

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

2016-10-20 Thread Wedge009 
Update of bug #24502 (project wesnoth):

  Status:None => Works For Me   
 Open/Closed:Open => Closed 
 Release: git => 1.13.2+dev 

___

Follow-up Comment #4:

Thanks. Closing this, then.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25079] UB in font code

2016-10-20 Thread Matthias Krüger 
Follow-up Comment #2, bug #25079 (project wesnoth):

Still happening (updated log attached).

If it is nothing of relevance feel free to close.

(file #29068)
___

Additional Item Attachment:

File name: font_UB_Oct20th.logSize:7 KB


___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25079] UB in font code

2016-10-20 Thread Wedge009 
Follow-up Comment #1, bug #25079 (project wesnoth):

Font code has been refactored recently - does this still happen?

Looks like it's a hash function of some sort - wouldn't that mean some
overflow would be expected?

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25077] memleak in wesnoth help

2016-10-20 Thread Wedge009 
Update of bug #25077 (project wesnoth):

  Status:None => Fixed  
 Assigned to:None => celticminstrel 
 Release: git => 1.13.5+dev 


___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

2016-10-20 Thread Matthias Krüger 
Follow-up Comment #3, bug #24502 (project wesnoth):

I can't reproduce anymore.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

2016-10-20 Thread Wedge009 
Follow-up Comment #2, bug #24502 (project wesnoth):

Can you check if this is still happening? I'm looking over the scaleImage()
function and I'm finding it hard to see how an invalid BlendType entry could
be generated in the BlendResult object but I might be missing something. The
stack trace is rather old now so the line numbers have undoubtedly changed
since then.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

2016-10-20 Thread Matthias Krüger 
URL:
  

 Summary: use after free when advancing unit in test scenario
 Project: Battle for Wesnoth
Submitted by: matthiaskrgr
Submitted on: Thu 20 Oct 2016 07:18:21 UTC
Category: Bug
Severity: 3 - Normal
Priority: 5 - Normal
  Item Group:  None of the others
  Status: None
 Privacy: Public
 Assigned to: None
Originator Email: 
 Open/Closed: Open
 Discussion Lock: Any
 Release: git
Operating System: linux

___

Details:

launch wesnoth -t
Select the peasant (slightly south to the castle (9,8 on the map).
move him to the "earn 100 XP" hex (7,20)
select spearmen => boom

log attached



___

File Attachments:


---
Date: Thu 20 Oct 2016 07:18:21 UTC  Name: test_scen_crash_unitadvancement.log 
Size: 20kB   By: matthiaskrgr



___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs