[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

URL: Summary: use after free when advancing unit in test scenario Project: Battle for Wesnoth Submitted by: matthiaskrgr Submitted on: Thu 20 Oct 2016 07:18:21 UTC Category: Bug

[Wesnoth-bugs] [bug #25079] UB in font code

Follow-up Comment #4, bug #25079 (project wesnoth): Afaik shifting out of range on signed types (unlike unsigned types) is indeed UB accortudin to the standart, maybe we could fix this by using unsigned types here. ___ Reply to this item

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

Follow-up Comment #2, bug #24502 (project wesnoth): Can you check if this is still happening? I'm looking over the scaleImage() function and I'm finding it hard to see how an invalid BlendType entry could be generated in the BlendResult object but I might be missing something. The stack trace is

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

Follow-up Comment #3, bug #24502 (project wesnoth): I can't reproduce anymore. ___ Reply to this item at: ___ Message sent via/by Gna! http://gna.org/

[Wesnoth-bugs] [bug #25079] UB in font code

Update of bug #25079 (project wesnoth): Status:None => Invalid Open/Closed:Open => Closed Release: git => 1.13.5+dev

[Wesnoth-bugs] [bug #25112] ai vs ai game, experimental AI recruits nothing, humans recruit drakes, SNAFU

Follow-up Comment #2, bug #25112 (project wesnoth): Any luck replicating this issue? ___ Reply to this item at: ___ Message sent via/by Gna! http://gna.org/

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

Update of bug #24502 (project wesnoth): Status:None => Works For Me Open/Closed:Open => Closed Release: git => 1.13.2+dev

[Wesnoth-bugs] [bug #25079] UB in font code

Follow-up Comment #2, bug #25079 (project wesnoth): Still happening (updated log attached). If it is nothing of relevance feel free to close. (file #29068) ___ Additional Item Attachment: File name: font_UB_Oct20th.logSize:7

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

Follow-up Comment #2, bug #25089 (project wesnoth): Whoops, sorry, was looking at the wrong part of the log. void editor_map::expand_right(int count, const t_translation::t_terrain & filler) { t_translation::t_map tiles_new(tiles_.w + count, tiles_.h); w_ += count; for

[Wesnoth-bugs] [bug #25079] UB in font code

Follow-up Comment #1, bug #25079 (project wesnoth): Font code has been refactored recently - does this still happen? Looks like it's a hash function of some sort - wouldn't that mean some overflow would be expected? ___ Reply to this item

[Wesnoth-bugs] [bug #25080] UB in map resize window

Update of bug #25080 (project wesnoth): Release: git => 1.13.5+dev ___ Follow-up Comment #1: The code hasn't changed since this was first reported: for(int i = 0; i < 9; ++i) {

[Wesnoth-bugs] [bug #25111] tutorial: getting stuck sometimes, have to undo turn or reload

Follow-up Comment #5, bug #25111 (project wesnoth): Sort of reported in bug #21940 as well. ___ Reply to this item at: ___ Message sent via/by Gna!

[Wesnoth-bugs] [bug #25077] memleak in wesnoth help

Update of bug #25077 (project wesnoth): Status:None => Fixed Assigned to:None => celticminstrel Release: git => 1.13.5+dev

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

Update of bug #25089 (project wesnoth): Release: git => 1.13.5+dev ___ Follow-up Comment #1: This looks like the same as bug #25079 and bug #25080.

[Wesnoth-bugs] [bug #25161] editor generates invalid map, crash while loading (expand map)

Update of bug #25161 (project wesnoth): Release: git => 1.13.5+dev ___ Follow-up Comment #1: I think when I looked at this previously I was not able to get the crash. I did find that the

[Wesnoth-bugs] [bug #25080] UB in map resize window

Follow-up Comment #2, bug #25080 (project wesnoth): Line 162 that is meantioned in the log points to "&& static_cast(expand_direction_) != i" so it'S likeley that error is that expand_direction_ is not a valid EXPAND_DIRECTION. ___ Reply

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

Follow-up Comment #4, bug #25089 (project wesnoth): I could not longer reproduce; resizing seems to work now. Here and there the editor still crashed due to invalid terrain being accessed but this is a different issue ( https://gna.org/bugs/index.php?25161 ).

[Wesnoth-bugs] [bug #25079] UB in font code

Update of bug #25079 (project wesnoth): Status: Invalid => None Open/Closed: Closed => Open ___ Follow-up Comment #5: Oh, right. I'll

[Wesnoth-bugs] [bug #25080] UB in map resize window

Follow-up Comment #3, bug #25080 (project wesnoth): I was wondering about that. expand_direction_ is defined as a EXPAND_DIRECTION& and I'm not quite sure what the intention was behind that. ___ Reply to this item at:

[Wesnoth-bugs] [bug #24937] Problems with loading/deleting file names with spaces

Follow-up Comment #6, bug #24937 (project wesnoth): As i said in some other thea my earler post here about "The is most likeley caused by out use of std::strftime" went accidnetly here and belonged to another issue. The problem here is that our ui code translated spaces to underscores, so that

[Wesnoth-bugs] [bug #25081] memleaks in tutorial start

Update of bug #25081 (project wesnoth): Status:None => Ready For Test ___ Reply to this item at: ___ Nachricht

[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

Update of bug #25204 (project wesnoth): Status:None => Ready For Test ___ Follow-up Comment #1: https://github.com/wesnoth/wesnoth/commit/00e008df5d59bb87fb482bf60915b107ffc7446a

[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

Follow-up Comment #2, bug #25204 (project wesnoth): Looks good. ___ Reply to this item at: ___ Message sent via/by Gna! http://gna.org/

[Wesnoth-bugs] [bug #25204] use after free when advancing unit in test scenario

Update of bug #25204 (project wesnoth): Status: Ready For Test => Fixed ___ Reply to this item at: ___ Nachricht

[Wesnoth-bugs] [bug #24502] UB showing unit description in 'help'

Update of bug #24502 (project wesnoth): Status:Works For Me => Fixed Assigned to:None => shadowmaster Open/Closed: Closed => Open

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

Update of bug #25089 (project wesnoth): Status:None => Ready For Test ___ Follow-up Comment #3: https://github.com/wesnoth/wesnoth/commit/7b44cee405f1cbbcf5515f6fee1540b55c48dd36

[Wesnoth-bugs] [bug #25089] editor: buffer overflow while expanding map

Update of bug #25089 (project wesnoth): Status: Ready For Test => Fixed ___ Reply to this item at: ___ Nachricht