[Bug-gnubg] Crash in 1.06.002
From: Terje Pedersen
Subject: [Bug-gnubg] Crash in 1.06.002
Date: Mon, 26 Nov 2018 13:24:19 +0100
Hi!
I ran into a crash bug in the latest version of gnubg. It is triggered
by the attached command file.
*** stack smashing detected ***: <unknown> terminated
Or:
*** buffer overflow detected ***: gnubg terminated
You may have to run it a couple of times if it doesn't crash on the first try.
I switched to a debug build and it output some interesting numbers
that are growing larger until it crashes. Attached.
The crash is caused by a buffer overflow in
OutputEquity(const float r, const cubeinfo * pci, const int f)
where:
sprintf(sz, "%+*.*f", fOutputDigits + 3, fOutputDigits, r);
(or the other ones in the same function) doesn't guard against crazy
large numbers.
My "fix" was to guard against this using snprintf(sz,OUTPUT_SZ_LENGTH,
..) instead but I guess the numbers gnu bg displays for this position
would be bad so it isn't a fix for the underlying problem.
Initially it crashed on a previous version of gnu bg but I reproduced
it on a fresh version of 1.06.002 on ubuntu 18.04.
Best regards,
TP
Attachment: commands.txt (Text document)
Attachment: log.txt (Text document)
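The failure mode described in the report (an unbounded sprintf with "%+*.*f" into a fixed buffer) and the bounded replacement it suggests, as an added example that is not gnubg's code. OUTPUT_SZ_LENGTH is assumed to be 32 here; gnubg's real value and the surrounding OutputEquity code are not on this page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size; the real OUTPUT_SZ_LENGTH in gnubg may differ. */
#define OUTPUT_SZ_LENGTH 32

/* The shape of the reported bug: sprintf writes as many characters as
 * the value needs, so a huge r runs past the end of sz. Kept here only
 * for comparison; never call it with a large r. */
void output_equity_unbounded(char *sz, float r, int digits) {
    sprintf(sz, "%+*.*f", digits + 3, digits, r);
}

/* How many characters "%+*.*f" needs for r (NUL excluded), using the
 * C99 snprintf(NULL, 0, ...) length query. Lets a caller see that a
 * value such as 1e30 needs far more than OUTPUT_SZ_LENGTH bytes. */
int equity_len(float r, int digits) {
    return snprintf(NULL, 0, "%+*.*f", digits + 3, digits, r);
}

/* Bounded version of the report's suggested fix. Writes at most size-1
 * characters plus a NUL. Returns 1 if the output was truncated, which
 * is the signal that the value being displayed is not sane (the
 * report notes the bound alone does not fix that underlying problem). */
int format_equity(char *sz, size_t size, float r, int digits) {
    int needed = snprintf(sz, size, "%+*.*f", digits + 3, digits, r);
    return needed < 0 || (size_t)needed >= size;
}

/* Convenience wrapper with its own OUTPUT_SZ_LENGTH buffer, so the
 * truncation flag can be checked without the caller managing storage. */
const char *format_equity_static(float r, int digits, int *truncated) {
    static char sz[OUTPUT_SZ_LENGTH];
    *truncated = format_equity(sz, sizeof sz, r, digits);
    return sz;
}

int main(void) {
    int trunc;
    const char *s = format_equity_static(0.123f, 3, &trunc);
    printf("%s (truncated=%d, needed=%d)\n", s, trunc, equity_len(0.123f, 3));
    s = format_equity_static(1e30f, 3, &trunc);
    printf("%s (truncated=%d, needed=%d)\n", s, trunc, equity_len(1e30f, 3));
    return 0;
}
```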