bug-freedink

[Bug-freedink] Bugreport and Patch for fixing segfault when loading game


From: Christian Ludwig
Subject: [Bug-freedink] Bugreport and Patch for fixing segfault when loading games (modern compiler)
Date: Sat, 2 Jan 2016 21:55:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

Hello Freedink-team,

Here is a bug report with a fix for version 108.4.

When using modern compilers (with optimizations turned on), one gets a
segfault if one tries to load a saved game. Or, as always with undefined
behaviour: it can occur with a certain probability.
Fix:

very short version:
===================
--- freedink-108.4/src/dinkc.c  2014-10-17 17:15:09.000000000 +0200
+++ rpmbuild/SOURCES/freedink-108.4/src/dinkc.c 2016-01-02
21:25:45.000000000 +0100
@@ -63,7 +63,7 @@
   int lifespan;
   unsigned long timer;
 };
-static struct call_back callback[MAX_CALLBACKS];
+static struct call_back callback[MAX_CALLBACKS+1];
 /* TODO: Used 1->100 in the game, should it be MAX_CALLBACKS+1 ? */

 /* DinkC script buffer */
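Review bot: enlarging the array to MAX_CALLBACKS+1 makes the existing 1-based loop `for (k = 1; k <= MAX_CALLBACKS; k++)` in bounds, but the context line `/* TODO: Used 1->100 in the game, should it be MAX_CALLBACKS+1 ? */` directly below the changed declaration now describes a change that has been made; update or drop that comment in the same patch, and consider a `_Static_assert` on the array length against the loop's upper bound so the off-by-one cannot silently return if either value is edited later.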

longer explanation:
===================
Modern compilers (like gcc 5.3.1 under Fedora 23) use the undefined
behaviour, like in dinkc.c kill_all_scripts_for_real:

  for (k = 1; k <= MAX_CALLBACKS; k++)
    {
      callback[k].active = 0;
    }

and overwrite (memory layout with optimization) the "bindings" variable
in dinkc_bindings.c. [Yes, it took me a while of debugging to see this.]

more detailed explanation:
==========================
Attempt to load game with original version:

[debug] Stopped cd
[debug] Killed script start-2. (num 1)
[debug] Killed script start-1. (num 2)
[debug] Killed script start-2. (num 3)
[debug] Killed script start-4. (num 4)
[info ] World data loaded.
[info ] loading tilescreens...
[info ] Done with tilescreens...
[info ] LOADING main
[debug] Temp thingie is C
[info ] Loading script STORY/MAIN.C.. (slot 1)
[debug] Reading from disk...
[debug] Script main is entered at 3:12 (offset 49).

Program received signal SIGSEGV, Segmentation fault.
0x0000555555586f97 in safe_hasher ()

#0  0x0000555555586f97 in safe_hasher ()
#1  0x00005555555874df in hash_lookup ()
#2  0x0000555555560b31 in dinkc_bindings_lookup ()
#3  0x000055555556950e in process_line ()
#4  0x000055555555bf50 in run_script ()
#5  0x000055555556d22e in load_game ()
#6  0x000055555555df12 in dc_load_game ()
#7  0x000055555556a4a6 in process_line ()
#8  0x000055555555bf50 in run_script ()
#9  0x0000555555584703 in process_talk ()
#10 0x0000555555586a44 in updateFrame ()
#11 0x0000555555559585 in main ()

because safe_hasher wants to read table->n_buckets and because
table==bindings is pointing somewhere.

Hope this helps to improve this cool game.

Bye
C. Ludwig
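The off-by-one described in the report, as an added example that is not part of the original message or of the FreeDink sources: it assumes MAX_CALLBACKS is 100 (taken from the TODO comment in the hunk), keeps only the struct members visible there, runs the same 1-based loop with an explicit bounds check so the out-of-bounds write is counted instead of performed, and adds a compile-time check tying the array length to the loop's upper bound.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed value: the TODO in the patch says indices 1..100 are used in the game. */
#define MAX_CALLBACKS 100

/* Only the members visible in the hunk are kept; the real struct has more. */
struct call_back {
  int active;
  int lifespan;
  unsigned long timer;
};

/* Original layout: MAX_CALLBACKS elements, so the last valid index is MAX_CALLBACKS-1. */
static struct call_back callback_orig[MAX_CALLBACKS];
/* Patched layout: MAX_CALLBACKS+1 elements, so index MAX_CALLBACKS is valid. */
static struct call_back callback_fixed[MAX_CALLBACKS + 1];

/* Compile-time guard: the 1-based loop below touches index MAX_CALLBACKS, so the
   array must hold at least MAX_CALLBACKS+1 elements or the build fails. */
_Static_assert(sizeof(callback_fixed) / sizeof(callback_fixed[0]) > MAX_CALLBACKS,
               "callback[] too small for loop 1..MAX_CALLBACKS");

/* Same loop as kill_all_scripts_for_real, but each index is checked against the
   array length n before writing; writes that would go past the end are counted,
   not performed. Returns the number of such out-of-bounds writes. */
size_t kill_all_scripts_checked(struct call_back *cb, size_t n)
{
  size_t out_of_bounds = 0;
  for (size_t k = 1; k <= MAX_CALLBACKS; k++) {
    if (k < n)
      cb[k].active = 0;
    else
      out_of_bounds++;   /* this write would land in whatever follows cb[] */
  }
  return out_of_bounds;
}

int main(void)
{
  printf("original array: %zu out-of-bounds write(s)\n",
         kill_all_scripts_checked(callback_orig, MAX_CALLBACKS));
  printf("patched array:  %zu out-of-bounds write(s)\n",
         kill_all_scripts_checked(callback_fixed, MAX_CALLBACKS + 1));
  return 0;
}
```

With the original size the loop's last iteration lands one element past the array, which is exactly the write that clobbered the neighbouring `bindings` global in the optimized layout.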


