dark293 / garglk

Automatically exported from code.google.com/p/garglk

tadsr randomly crashes when running "Worlds Apart" on 64-bit systems due to vocab stack exceeding 64kB #121

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Run "Worlds Apart" (worlds.gam) with gargoyle

What is the expected output? What do you see instead?

The game randomly segfaults every few dozen turns, often when saving.  gdb 
shows that the crash happens in voc_make_obj_name().  Valgrind shows "Invalid 
write of size 1" in the same function consistently when restoring from the 
attached save file and typing "sense jinna", "tell mother about jinna" and 
"enter jinna" as intended.

What version of the product are you using? On what operating system?

Gargoyle 2009-08-25, compiled from source on an x86-64 Fedora 12 Linux system.

Please provide any additional information below.

The attached patch to tads/tads2/vocab.c seems to fix the problem.  On a 64-bit 
system, sizeof(vocoldef) is 40 bytes, so VOC_STACK_SIZE is 16*200*40=128000 
bytes, but voc_stk_ini() allocates the stack with mchalo() which truncates the 
size to 16-bit, so the allocated stack is silently smaller than expected.

The patch also contains an unrelated fix to another problem found by valgrind.  
Please check if it is correct.

I haven't reported this bug to upstream tads2, so please do if necessary.

Original issue reported on code.google.com by rainy6...@gmail.com on 15 Sep 2010 at 3:20

Attachments:

GoogleCodeExporter commented 8 years ago
Thanks for the report and the patch!

I've reported the bug upstream to Mike Roberts, along with an alternate patch 
to limit the VOC_STACK_SIZE to 64000 bytes. Let's see what he thinks before 
moving ahead.

http://bugdb.tads.org/view.php?id=84

Original comment by bcressey@gmail.com on 15 Sep 2010 at 6:01

Attachments:
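The failure mode in the report (a 128000-byte size computed from `16*200*sizeof(vocoldef)` being silently reduced when it passes through a 16-bit allocator parameter) and the two remedies discussed in the thread (fix the allocation so the full size is honoured, or cap `VOC_STACK_SIZE` below 64K) are illustrated by the following added example. It is not code from garglk or TADS2: `vocoldef_t` is a 40-byte stand-in whose real fields are not on the page, `alloc_u16` is a hypothetical model of an allocator with a 16-bit size parameter (the behaviour the report attributes to `mchalo()`, not the real function), and `alloc_checked`/`push_entry` are defensive helpers written for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for TADS2's vocoldef. Its real fields are not on the page; the only
   property modelled is the 40-byte size the report gives for a 64-bit build.
   (Constructed for this example.) */
typedef struct { unsigned char opaque[40]; } vocoldef_t;

/* Same arithmetic as the report: 16 * 200 entries of sizeof(vocoldef). */
#define VOC_STACK_ENTRIES (16 * 200)
#define VOC_STACK_SIZE    (VOC_STACK_ENTRIES * sizeof(vocoldef_t))   /* 128000 */

/* Hypothetical model of an allocator that takes its byte count as a 16-bit
   unsigned value, which is the behaviour the report attributes to mchalo().
   Not the real TADS function. */
static void *alloc_u16(uint16_t siz) { return malloc(siz); }

/* How many bytes actually arrive when a size_t is passed through a 16-bit
   parameter: the implicit conversion reduces the value modulo 65536. */
size_t truncated_size(size_t requested) { return (size_t)(uint16_t)requested; }

/* How many stack entries fit in a buffer of the given byte size. */
size_t entries_that_fit(size_t bytes) { return bytes / sizeof(vocoldef_t); }

/* Defensive variant: refuse (return NULL, *got = 0) rather than silently
   truncate, so the caller fails loudly instead of writing past the end. */
void *alloc_checked(size_t requested, size_t *got) {
    if (requested > UINT16_MAX) { *got = 0; return NULL; }
    *got = requested;
    return alloc_u16((uint16_t)requested);
}

/* Bounds-checked push onto a stack whose true capacity is known in bytes;
   returns 0 on success, -1 when the push would overrun the allocation. */
int push_entry(vocoldef_t *stack, size_t capacity_bytes, size_t *depth,
               const vocoldef_t *e) {
    if ((*depth + 1) * sizeof(vocoldef_t) > capacity_bytes) return -1;
    stack[(*depth)++] = *e;
    return 0;
}

int main(void) {
    size_t got;
    printf("requested %zu bytes, 16-bit parameter receives %zu\n",
           (size_t)VOC_STACK_SIZE, truncated_size(VOC_STACK_SIZE));
    printf("entries expected %zu, entries that actually fit %zu\n",
           entries_that_fit(VOC_STACK_SIZE),
           entries_that_fit(truncated_size(VOC_STACK_SIZE)));
    if (alloc_checked(VOC_STACK_SIZE, &got) == NULL)
        printf("checked allocator refused %zu bytes (limit %u)\n",
               (size_t)VOC_STACK_SIZE, (unsigned)UINT16_MAX);
    /* The maintainer's alternate approach: keep the request under 64K. */
    void *p = alloc_checked(64000, &got);
    printf("64000-byte request: got %zu bytes\n", got);
    free(p);
    return 0;
}
```

The point worth taking from the numbers: on a 64-bit build the 128000-byte request arrives as 62464 bytes, which holds 1561 entries rather than the 3200 the stack code assumes, so every push past entry 1561 writes outside the allocation (the "Invalid write of size 1" valgrind reports). A size check at the allocation boundary, or a capacity-aware push, turns that silent overrun into an immediate, diagnosable failure.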

GoogleCodeExporter commented 8 years ago
No word from Mike Roberts, so I've applied your original patch as-is. Can you 
send me your name so I can add you to the project credits? Thanks!

Original comment by bcressey@gmail.com on 23 Sep 2010 at 11:06

GoogleCodeExporter commented 8 years ago
My real name is Qingchuan Wang, although I prefer to call myself "r6144" 
whenever convenient ;)

Original comment by rainy6...@gmail.com on 24 Sep 2010 at 3:40

GoogleCodeExporter commented 8 years ago
I will credit you as r6144, then, unless you prefer something else.

Original comment by bcressey@gmail.com on 28 Sep 2010 at 4:26