[Bug-gnubg] Fwd: Bug#929188: gnubg: allows re-rolling dice after decline

From: Russ Allbery
Subject: [Bug-gnubg] Fwd: Bug#929188: gnubg: allows re-rolling dice after declined resignation in graphical mode
Date: Thu, 23 May 2019 18:10:03 -0700
Hi folks,

I got the following bug report to the Debian bug tracking system, but I
think this is a bug in the logic rather than a packaging bug.  I haven't
looked any further than reading the bug report.

Original report is at https://bugs.debian.org/929188, including the
original author's email address (which I omitted here only because some
folks aren't happy about their email address being exposed to places they
didn't expect).

From: Asher Gordon
Subject: Bug#929188: gnubg: allows re-rolling dice after declined resignation 
in graphical mode

Package: gnubg
Version: 1.06.002-1
Severity: normal
Tags: upstream

Dear Maintainer,

Follow these steps to reproduce the bug:

1. Start GNU Backgammon in graphical mode (just type "gnubg" at the
   command prompt, and make sure X is running).

2. Start a new game by clicking "New" or select File -> New...

3. Select "Human vs. Human" and click "OK".

4. Take note of the numbers on the dice.

5. As the player whose turn it is, offer a resignation by clicking
   "Resign" or select Game -> Resign, and select any of the
   options. This will remove the dice from the board.

6. As the other player, decline the resignation by clicking "Reject" or
   select Game -> Reject.

7. Now, as the first player again, roll the dice by clicking in the area
   on the board in which they would be rolled. Note that the roll is
   different than it was before the resignation offer (if it is not,
   repeat steps 5-7 until it is).

This allows the player to cheat by re-rolling the dice until a good roll
is available. If you can get the computer into a state where it will not
accept a normal resign (play badly until a gammon/backgammon is
inevitable), this bug is also reproducible, allowing the player to cheat
against the computer.

Ideally, in step 5. above, when the player offers a resignation, GNU
Backgammon should leave the dice on the board, and not allow the player
to re-roll them.

Note also that after step 6., if you don't roll the dice and instead
resign again immediately, and you choose a level less than or equal to
the level chosen before (e.g. normal), then it will print "<player> has
already declined your offer of a <single game|gammon|backgammon>." and
will not offer the resignation a second time. This should also happen
when the dice are rolled again before the second resignation. However it
does not.

I suppose that is a different bug, but it seemed related enough to
mention it here.

Also note that in text mode neither of these bugs are present:

$ gnubg -t
(No game) set player 0 human
Moves for foo must now be entered manually.
(No game) set player 1 human
Moves for bar must now be entered manually.
(No game) new game
foo rolls 3, bar rolls 1.
(foo) resign
foo offers to resign a single game.
(bar) reject
bar declines the single game.
(foo) roll
You have already rolled the dice.
(foo) resign
bar has already declined your offer of a single game.
(foo) exit
Are you sure you want to discard the current match? y

- - System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnubg depends on:
ii  debconf [debconf-2.0]   1.5.71
ii  gnubg-data              1.06.002-1
ii  libc6                   2.28-10
ii  libcairo2               1.16.0-4
ii  libcanberra-gtk0        0.30-7
ii  libcanberra0            0.30-7
ii  libcurl4                7.64.0-3
ii  libfreetype6            2.9.1-3
ii  libgdk-pixbuf2.0-0      2.38.1+dfsg-1
ii  libgl1                  1.1.0-1
ii  libglib2.0-0            2.58.3-1
ii  libglu1-mesa [libglu1]  9.0.0-2.1+b3
ii  libgmp10                2:6.1.2+dfsg-4
ii  libgtk2.0-0             2.24.32-3
ii  libgtkglext1            1.2.0-9
ii  libpango-1.0-0          1.42.4-6
ii  libpangocairo-1.0-0     1.42.4-6
ii  libpng16-16             1.6.36-5
ii  libpython2.7            2.7.16-2
ii  libreadline7            7.0-5
ii  libsqlite3-0            3.27.2-2

gnubg recommends no packages.

Versions of packages gnubg suggests:
ii  sensible-utils  0.0.12

- debconf information:
* gnubg/build-bearoffs: true

