
Bug 921536

Summary: games-puzzle/magiccube4d-2.2-r1 crash trying to read save state
Product: Gentoo Linux Reporter: Khumba <bog>
Component: Current packages
Assignee: Gentoo Games <games>
Status: UNCONFIRMED ---    
Severity: normal Keywords: PATCH
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: emerge --info
Patch to drop unused variable causing overflow

Description Khumba 2024-01-07 03:36:23 UTC
magiccube4d saves the cube state in ~/.magiccube4dlog, when Save is clicked or on a clean exit (i.e. the Quit button, not closing the X window).  When this file exists, it tries to load it on startup, leading to a crash:

Program received signal SIGABRT, Aborted.
0x00007ffff78b2adc in ?? () from /usr/lib64/libc.so.6
(gdb) bt
#0  0x00007ffff78b2adc in ?? () from /usr/lib64/libc.so.6
#1  0x00007ffff78658b2 in raise () from /usr/lib64/libc.so.6
#2  0x00007ffff784f4ad in abort () from /usr/lib64/libc.so.6
#3  0x00007ffff78503ee in ?? () from /usr/lib64/libc.so.6
#4  0x00007ffff7940f05 in __fortify_fail () from /usr/lib64/libc.so.6
#5  0x00007ffff793f880 in __chk_fail () from /usr/lib64/libc.so.6
#6  0x00007ffff787c292 in ?? () from /usr/lib64/libc.so.6
#7  0x00007ffff787c6c9 in ?? () from /usr/lib64/libc.so.6
#8  0x00007ffff7884521 in ?? () from /usr/lib64/libc.so.6
#9  0x00007ffff789ea62 in ?? () from /usr/lib64/libc.so.6
#10 0x00007ffff793f325 in __sprintf_chk () from /usr/lib64/libc.so.6
#11 0x000055555555f8f1 in sprintf (__fmt=0x555555569509 " @%%%d[^@]@(", __s=0x7ffffffdaa36 " @%1233[^@\001") at /usr/include/bits/stdio2.h:30
#12 MacroManager::read (this=0x5555555aa450, fp=fp@entry=0x5555555a9270) at MacroManager.cpp:250
#13 0x0000555555559557 in EventHandler::readLogfile (this=this@entry=0x7ffffffdb020, filename=0x5555555a32ac "/home/khumba/.magiccube4dlog") at EventHandler.cpp:221
#14 0x00005555555599f9 in EventHandler::EventHandler (this=this@entry=0x7ffffffdb020, argc=<optimized out>, argv=<optimized out>, 
    machine_type=machine_type@entry=0x555555569710 "X") at EventHandler.cpp:133
#15 0x0000555555558873 in main (argc=<optimized out>, argv=<optimized out>) at Main.cpp:29

MacroManager.cpp has this bit of code:

bool
MacroManager::read(FILE *fp)
{
    int c;
    Macro* mac;
    int nrefs, refs[MAXREFS][4];
    int face, stickerwithinface;
    struct stickerspec sticker;
    char name[1234];
    char format[10];
    sprintf(format, " @%%%d[^@]@(", (int)sizeof(name) - 1);
    sprintf(format, " @%%[^@]@(");  /* ARGH! FIX THIS-- maybe the other way
                                       worked after all, check it out */
    /* FIX THIS!  overflow is quite likely if the final delimiter is missing
       in the file */
    ...

The first sprintf() call overflows 'format' and causes the crash.  'format' isn't used in the rest of the function though, so it should be safe to remove, and removing it fixes the crash, and the save state loads properly.
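The overflow is arithmetic: for a 1234-byte name buffer the template " @%%%d[^@]@(" expands to " @%1233[^@]@(", 13 characters plus a terminating NUL, while format has room for 10, and the SIGABRT in the backtrace is glibc's _FORTIFY_SOURCE wrapper (__sprintf_chk) refusing the write. The example below is added here and is not magiccube4d's code; it rebuilds that format with snprintf so the required size is measured and a too-small buffer is reported instead of overrun (NAME_LEN and FORMAT_LEN are taken from the report, the function names are the example's own).

```c
#include <stdio.h>
#include <stdbool.h>
#include <string.h>

#define NAME_LEN   1234  /* sizeof(name) in MacroManager::read */
#define FORMAT_LEN 10    /* sizeof(format) in MacroManager::read */

/* Bytes (including the NUL) that the scanf format expands to for a
 * name buffer of name_size bytes. snprintf with a NULL, zero-length
 * destination only measures; nothing is written anywhere. */
size_t format_bytes_needed(size_t name_size)
{
    int n = snprintf(NULL, 0, " @%%%d[^@]@(", (int)name_size - 1);
    return (size_t)n + 1;
}

/* Hardened replacement for the first sprintf() in the report: build the
 * format into out[out_size]. On truncation, clear out and return false
 * so a half-written format can never be handed to fscanf. */
bool build_scanf_format(char *out, size_t out_size, size_t name_size)
{
    int n = snprintf(out, out_size, " @%%%d[^@]@(", (int)name_size - 1);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0)
            out[0] = '\0';
        return false;
    }
    return true;
}

/* Convenience check: would the format fit in a buffer of out_size? */
bool format_fits(size_t out_size, size_t name_size)
{
    return format_bytes_needed(name_size) <= out_size;
}

int main(void)
{
    char format[FORMAT_LEN];
    char larger[32];

    printf("needed %zu bytes, have %d\n",
           format_bytes_needed(NAME_LEN), FORMAT_LEN);   /* 14 vs 10 */
    if (!build_scanf_format(format, sizeof format, NAME_LEN))
        puts("format buffer too small: refusing to build it");
    if (build_scanf_format(larger, sizeof larger, NAME_LEN))
        printf("built safely: \"%s\"\n", larger);
    return 0;
}
```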
Comment 1 Khumba 2024-01-07 03:36:38 UTC
Created attachment 881585 [details]
emerge --info
Comment 2 Khumba 2024-01-07 03:37:40 UTC
Created attachment 881586 [details, diff]
Patch to drop unused variable causing overflow