Closed ImpleLee closed 2 years ago
I observed a buffer overflow, but there are 2 functions (reset_async, poll_next_move) that both contain __stack_chk_fail and are called by techmino, so I don't know which one is overflowing.
This bug comes from commit 4c4fa4a99d8c6d7056fbf3aa941347976a499bd6.
good
Proposal
The code in wrapper checks whether the lua list has length exactly 400, and panics immediately if not. The lua code always passes in a 40*10 rectangle, keeping the apparent block generation height constant. (The actual height instantly rises on incoming garbage, and then slowly drops to simulate the gradual rising of garbage.)
Accepted.
In reset_async, it is assumed that #field <= 400: https://github.com/26F-Studio/cold_clear_ai_love2d_wrapper/blob/5dfbedeaa55e4aed78af9ef98d49367eef269fa3/cold_clear_wrapper.c#L53-L60
But in techmino what is assumed is that #field >= 400: https://github.com/26F-Studio/Techmino/blob/e41aefd17c51385f524ebf03c7586934698f56c8/parts/bot/bot_cc.lua#L79-L84
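
The length mismatch discussed in this thread (a receiver sized for 400 cells, a caller that may pass more), modeled in stand-alone C as an added example; it is not the wrapper's code. `field_slot`, the guard bytes and both copy functions are hypothetical names, and the caller-supplied length `n` stands in for the Lua `#field`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CELLS 400   /* 40 rows * 10 columns, as stated in the thread */
#define GUARD_BYTES 16    /* constructed guard area standing in for adjacent stack data */

/* Assumed model: one flat array (field + guard) keeps out-of-range writes observable. */
typedef struct { unsigned char mem[FIELD_CELLS + GUARD_BYTES]; } field_slot;

static void slot_init(field_slot *s) {
    memset(s->mem, 0, FIELD_CELLS);
    memset(s->mem + FIELD_CELLS, 0xAA, GUARD_BYTES);
}

/* Number of guard bytes overwritten, i.e. how far a copy ran past the field. */
static size_t guard_clobbered(const field_slot *s) {
    size_t n = 0;
    for (size_t i = 0; i < GUARD_BYTES; i++) n += (s->mem[FIELD_CELLS + i] != 0xAA);
    return n;
}

/* Unchecked copy: trusts the caller's length (n must stay <= FIELD_CELLS + GUARD_BYTES here). */
static void copy_field_unchecked(field_slot *s, const bool *cells, size_t n) {
    for (size_t i = 0; i < n; i++)
        s->mem[i] = cells[i] ? 1 : 0;
}

/* Checked copy: rejects any length other than exactly 400 before writing anything. */
static int copy_field_checked(field_slot *s, const bool *cells, size_t n) {
    if (n != FIELD_CELLS)
        return -1;
    for (size_t i = 0; i < FIELD_CELLS; i++)
        s->mem[i] = cells[i] ? 1 : 0;
    return 0;
}

int main(void) {
    bool cells[FIELD_CELLS + 10];                       /* constructed oversized input */
    for (size_t i = 0; i < FIELD_CELLS + 10; i++) cells[i] = true;
    field_slot s;
    slot_init(&s);
    copy_field_unchecked(&s, cells, FIELD_CELLS + 10);
    printf("unchecked: %zu guard bytes overwritten\n", guard_clobbered(&s));
    slot_init(&s);
    int rc = copy_field_checked(&s, cells, FIELD_CELLS + 10);
    printf("checked: rc=%d, %zu guard bytes overwritten\n", rc, guard_clobbered(&s));
    return 0;
}
```

In a real stack frame the bytes past the field are other locals and the stack canary, which is why the failure surfaces as `__stack_chk_fail` rather than at the write itself.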