DavidKinder / Windows-Frotz

Z-code interpreter for Windows, based on Stefan Jokisch's Frotz interpreter core.
http://www.davidkinder.co.uk/frotz.html
GNU General Public License v2.0

Error when print_addr gets a string that goes past 64K #25

Closed cspiegel closed 9 months ago

cspiegel commented 11 months ago

(this is copied from https://gitlab.com/DavidGriffith/frotz/-/issues/276, since the Windows Frotz core looks to have the same general code causing the issue)

If print_addr is given the address of a string which starts below 64K but stretches past it, Frotz will segfault.

The issue is that print_addr tells decode_text it's a LOW_STRING, and thus uses a zword to track the address, but since the string goes past 64K, it wraps around and continues decoding from the beginning of memory.

I'm attaching a file which segfaults, as the address wraps around to 0, which ultimately results in a stack overflow as decode_text winds up in an infinite recursive loop.

Whether this is a valid Z-code construct is debatable, but since it can result in a segfault I thought it'd be worth reporting.

See https://intfiction.org/t/z-machine-standard-unclear-aspects-ambiguities/64128/26.

64k.zip
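The failure mode described in the report, a 16-bit address counter silently wrapping from 0xFFFE to 0x0000, can be reproduced in isolation. The C below is an added illustration written for this page, not Frotz code and not the fix in the linked commit; it models only the one feature that matters here: a 70000-byte constructed story memory and a string made of 2-byte words whose last word has its top bit set (the real Z-string end marker). `decode_wrapping` tracks the address in a `zword` the way the report says `print_addr` does, while `decode_checked` tracks it in a 32-bit `zlong` and refuses to read past the end of memory. All names and the memory layout are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t zword;   /* 16-bit Z-machine word, wraps at 64K */
typedef uint32_t zlong;   /* wide address type that does not wrap */

/* Constructed story memory for the example: 70000 bytes, larger than 64K. */
enum { STORY_SIZE = 70000 };
static uint8_t story[STORY_SIZE];

static zword read_word(zlong addr) {
    return (zword)((story[addr] << 8) | story[addr + 1]);
}

static void put_word(zlong addr, zword w) {
    story[addr] = (uint8_t)(w >> 8);
    story[addr + 1] = (uint8_t)(w & 0xFF);
}

/* Lay out a constructed string that starts below 64K and crosses it:
 * words at 0xFFFC, 0xFFFE, 0x10000 and a terminator (top bit set) at 0x10002.
 * A second terminator is planted at address 4 so the wrapping decoder has
 * something to stop on after it lands back at the start of memory. */
static void setup_story(void) {
    memset(story, 0, sizeof story);
    put_word(0xFFFC, 0x0001);
    put_word(0xFFFE, 0x0002);
    put_word(0x10000, 0x0003);
    put_word(0x10002, 0x8004);   /* real end of the string */
    put_word(0x0004, 0x8000);    /* bogus terminator near address 0 */
}

/* Address kept in a zword, as the report describes for LOW_STRING.
 * Returns the number of words read if a terminator was seen, -2 if max_words
 * ran out first. *end receives the address after the last word read. */
static int decode_wrapping(zword addr, int max_words, zlong *end) {
    zword a = addr;
    int n = 0;
    while (n < max_words) {
        zword w = read_word(a);
        n++;
        a += 2;                   /* 0xFFFE + 2 becomes 0x0000 here */
        if (w & 0x8000) { *end = a; return n; }
    }
    *end = a;
    return -2;
}

/* Address kept in a zlong and checked against the story size.
 * Returns the word count, -1 if the string runs off the end of memory,
 * -2 if max_words ran out. */
static int decode_checked(zlong addr, int max_words, zlong *end) {
    zlong a = addr;
    int n = 0;
    while (n < max_words) {
        if (a + 1 >= STORY_SIZE) { *end = a; return -1; }
        zword w = read_word(a);
        n++;
        a += 2;                   /* no wrap: 0xFFFE + 2 is 0x10000 */
        if (w & 0x8000) { *end = a; return n; }
    }
    *end = a;
    return -2;
}

int main(void) {
    zlong end;
    setup_story();
    int w = decode_wrapping(0xFFFC, 64, &end);
    printf("zword decoder: %d words, ended at 0x%05X\n", w, (unsigned)end);
    int c = decode_checked(0xFFFC, 64, &end);
    printf("zlong decoder: %d words, ended at 0x%05X\n", c, (unsigned)end);
    int o = decode_checked(STORY_SIZE - 2, 64, &end);
    printf("unterminated string at end of memory: %d\n", o);
    return 0;
}
```

With the constructed layout the `zword` decoder reads the two words below 64K, wraps to address 0 and stops on the planted terminator at address 4, so it reports 5 words ending at address 6 and never sees the string's real end at 0x10002; in Frotz the same wrap is what restarts decoding from the start of memory. The `zlong` decoder reads the 4 real words and ends at 0x10004, and for a string that runs off the end of memory it returns -1 instead of reading out of bounds.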

DavidKinder commented 9 months ago

This seems like it ought to be valid. Fixed by commit https://github.com/DavidKinder/Windows-Frotz/commit/1e0c3722c1bb3f701e1811eb2b880edcfeb41dc6