bug-gnubg

[Bug-gnubg] Crash in 1.06.002


From: Terje Pedersen
Subject: [Bug-gnubg] Crash in 1.06.002
Date: Mon, 26 Nov 2018 13:24:19 +0100

Hi!

I ran into a crash bug in the latest version of gnubg. It is triggered
by the attached command file.

*** stack smashing detected ***: <unknown> terminated

Or:

*** buffer overflow detected ***: gnubg terminated

You may have to run it a couple of times if it doesn't crash on the first try.

I switched to a debug build and it output some interesting numbers
that grow larger and larger until it crashes. Attached.

The crash is caused by a buffer overflow in
OutputEquity(const float r, const cubeinfo * pci, const int f)

where:

            sprintf(sz, "%+*.*f", fOutputDigits + 3, fOutputDigits, r);

(or the other ones in the same function) doesn't guard against crazy
large numbers.

My "fix" was to guard against this using snprintf(sz, OUTPUT_SZ_LENGTH,
...) instead, but I guess the numbers gnubg displays for this position
would be bad anyway, so it isn't a fix for the underlying problem.

Initially it crashed on a previous version of gnubg, but I reproduced
it on a fresh build of 1.06.002 on Ubuntu 18.04.

Best regards,
TP

Attachment: commands.txt
Description: Text document

Attachment: log.txt
Description: Text document
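The following is an added example, not code from the report or from gnubg itself. It shows why the `sprintf(sz, "%+*.*f", fOutputDigits + 3, fOutputDigits, r)` pattern quoted above overflows a fixed-size buffer once `r` becomes large, and what the reporter's `snprintf` guard does and does not buy you. The buffer size `OUTPUT_SZ_LENGTH` (16 here) and the value `1e30f` are assumptions standing in for gnubg's real constant and for the runaway numbers in the attached log; `%f` prints the full integer part of the value, so a 31-digit float needs 36 characters regardless of how narrow the requested width is. The guarded version reports truncation so the caller can detect an equity that is out of any sane range instead of silently displaying a clipped string.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: stand-in for gnubg's OUTPUT_SZ_LENGTH, which the report
 * quotes by name but does not define. Small on purpose so the effect is
 * visible. */
#define OUTPUT_SZ_LENGTH 16

/* Number of characters "%+*.*f" with the report's width/precision would
 * emit for r (NUL excluded). snprintf with a NULL buffer and size 0 is
 * the standard way to measure without writing anywhere. */
int equity_needed_len(float r, int digits)
{
    return snprintf(NULL, 0, "%+*.*f", digits + 3, digits, r);
}

/* Unguarded pattern from the report: writes as many bytes as the number
 * needs, so it is only safe when equity_needed_len(r) < buffer size.
 * Shown for contrast; never call it with an unchecked value. */
void equity_unguarded(char *sz, float r, int digits)
{
    sprintf(sz, "%+*.*f", digits + 3, digits, r);
}

/* Guarded pattern (the reporter's "fix"): never writes past n bytes.
 * Returns 1 if the value fit, 0 if it was truncated. Truncation means
 * the equity is far outside anything a backgammon position can produce,
 * which is the underlying bug the guard does not fix. */
int equity_guarded(char *sz, size_t n, float r, int digits)
{
    int needed = snprintf(sz, n, "%+*.*f", digits + 3, digits, r);
    return needed >= 0 && (size_t)needed < n;
}

/* Convenience check against the assumed buffer size: would this value
 * have overflowed the unguarded sprintf? Returns 1 if it fits, 0 if not. */
int equity_fits_in_output_buffer(float r, int digits)
{
    char sz[OUTPUT_SZ_LENGTH];
    return equity_guarded(sz, sizeof sz, r, digits);
}

int main(void)
{
    const int fOutputDigits = 3;            /* gnubg's default precision */
    const float sane = 0.125f;              /* an ordinary equity */
    const float runaway = 1e30f;            /* constructed stand-in for the
                                               growing numbers in log.txt */
    char sz[OUTPUT_SZ_LENGTH];

    equity_unguarded(sz, sane, fOutputDigits);
    printf("sane:    needs %2d chars -> \"%s\"\n",
           equity_needed_len(sane, fOutputDigits), sz);

    /* The unguarded call would write ~37 bytes into 16: this is the
     * "stack smashing detected" abort. Only the guarded call is made. */
    int fit = equity_guarded(sz, sizeof sz, runaway, fOutputDigits);
    printf("runaway: needs %2d chars -> \"%s\" (fit=%d)\n",
           equity_needed_len(runaway, fOutputDigits), sz, fit);
    return 0;
}
```

The check a practitioner wants here is the second one: treat `fit == 0` as an error and surface it, because a truncated `"+100000001504"` is no more correct than a crash, just quieter.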

