apoleon closed 11 years ago
Yes, I can see the crash, some old hardcoded values are still in the code.
Should be fixed by commit 3106538fd3de70213a6cb8703a0aeac4906683d3, but there may be some remaining crashes.
Thanks for your quick response. I built the latest revision from git master and it seems that
berusky2 -i /usr/share/games/berusky2/berusky3d.ini
works. However I can't start any games from the in-game menu anymore. The log says for example
"Unable to find level level201.lv6"
If I try to start a level from the command line with
berusky2 level6.lv6
the game segfaults.
Yeah, the level loading is fixed by commit 3929ecc0721677aec141c2750fd2e9e26e1e80d1. There may be some crashes left when built with fortified sources.
The fortified crashes should be fixed now... if not, please open a new ticket for that. Thanks!
When I run the game with the -i option and try to specify the ini-file directly with
berusky2 -i /usr/share/games/berusky2/berusky3d.ini
the game aborts with the error message: "Buffer overflow detected"
This is because Berusky2 was compiled with -D_FORTIFY_SOURCE and the buffer overflow is detected in Berusky3d_ini.cpp.
relevant part (hopefully)
    void process_params(G_KONFIG * p_ber, int argc, char **argv)
    {
      int i;

      for (i = 1; i < argc; i++) {
        if (!strcasecmp(argv[i], "-h") || !strcasecmp(argv[i], "--help")) {
          print_help();
        }
        else if (!strcasecmp(argv[i], "-i") || !strcasecmp(argv[i], "--ini-file")) {
          i++;
          if (i < argc) {
            strcpy(ini_file, argv[i]);
          }
        }
It's possible to pass arbitrarily long strings to the -i option, and nothing prevents the destination array ini_file from being overwritten by the source argv[i].
A solution might be to use strncpy instead of strcpy.
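A length-checked version of the -i handling described in the report, as an added example that is not part of the ticket or of the Berusky2 source. The buffer size `INI_FILE_MAX` and the helper names `set_path` and `parse_ini_option` are assumptions made for illustration; the example rejects an over-long path instead of truncating it.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed size: the ticket does not show how ini_file is declared. */
#define INI_FILE_MAX 256
static char ini_file[INI_FILE_MAX];

/* Copy src into dst only if it fits together with its terminating NUL.
 * Returns 0 on success; -1 if it does not fit (dst is left untouched).
 * Plain strncpy(dst, src, n) would leave dst unterminated in that case. */
static int set_path(char *dst, size_t dst_size, const char *src)
{
    const char *end;

    if (src == NULL || dst_size == 0)
        return -1;
    end = memchr(src, '\0', dst_size);   /* look for NUL within dst_size bytes */
    if (end == NULL)
        return -1;                       /* too long: reject, do not truncate a path */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical stand-in for the -i / --ini-file branch of process_params().
 * Returns 0 on success, -1 on a missing or over-long value. */
static int parse_ini_option(int argc, char **argv)
{
    int i;
    for (i = 1; i < argc; i++) {
        if (!strcasecmp(argv[i], "-i") || !strcasecmp(argv[i], "--ini-file")) {
            if (++i >= argc)
                return -1;               /* option without a value */
            if (set_path(ini_file, sizeof(ini_file), argv[i]) != 0) {
                fprintf(stderr, "ini file path too long (max %d)\n", INI_FILE_MAX - 1);
                return -1;
            }
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (parse_ini_option(argc, argv) != 0)
        return 1;
    printf("ini file: %s\n", ini_file[0] ? ini_file : "(built-in default)");
    return 0;
}
```

Rejecting the argument keeps the game from silently opening a different, truncated file name; the same check applies to any other fixed-size buffer filled from argv.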