[Heroes] Even lines option causes crash when unscaled

From: Nathan Mills
Subject: [Heroes] Even lines option causes crash when unscaled
Date: Fri, 16 Aug 2013 20:24:53 -0700

Every time I ran "heroes -e", it would crash when the intro screen ends. Adding any of the options -2, -3, -4, --double, --triple, or --quadruple prevents the crash. The function for drawing only even lines without scaling has a bug that the corresponding functions with scaling don't have. This function, named copy_screen_even, runs for 200 iterations to draw every even line. Because copy_screen_even is only drawing half of the lines that copy_screen is drawing, it should only require 100 iterations. The extra hundred iterations cause it to access past the end of both the source and destination buffers. The glibc library detects this as memory corruption at the next free() call and aborts. The attached patch file fixes this by lowering the iterations to 100.
The crash-output attachment shows what was printed right before the program aborted. The settings attachment shows what Configure printed when it was done configuring. Though it looks like it was compiled with all those options, it was actually only compiled with "-g -O0 -lm -DDEBUG" because I overrode CFLAGS by passing CFLAGS as an argument to Make.
The "Invalid read" and "Invalid write" portions of the Valgrind report "heroes-6861.valgrind" show the program trying to read and write past the end of the buffer. After patching Heroes with this patch, recompiling, and running Valgrind again, the newest Valgrind report, which is "heroes-7269.valgrind", shows no invalid reads or writes at all.
I've only tested Heroes version 0.21 and 0.29c, and both crash the same way. I compiled each version on Linux and selected SDL for the graphics/input library and SDL_mixer for sound.

Attachment: halve-iterations.patch
Description: Binary data

Attachment: crash-output
Description: Binary data

Attachment: settings
Description: Binary data

Attachment: heroes-6861.valgrind
Description: Binary data

Attachment: heroes-7269.valgrind
Description: Binary data
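
An added illustration of the bug class described in the message above, not code from Heroes or from the attached patch: it computes where a loop that advances two rows per iteration leaves a 200-line buffer, and shows a bounds-correct even-line copy. The 320-byte row width, the two-rows-per-iteration stride and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed geometry: the message implies 200 lines; the width is an assumption. */
#define WIDTH  320
#define HEIGHT 200

/* First iteration whose row would fall outside a WIDTH*HEIGHT buffer when the
 * loop advances two rows per iteration, or -1. Performs no memory access. */
int first_oob_iteration(int iterations)
{
    for (int i = 0; i < iterations; i++) {
        size_t off = (size_t)i * 2 * WIDTH;      /* start of even row 2*i */
        if (off + WIDTH > (size_t)WIDTH * HEIGHT)
            return i;
    }
    return -1;
}

/* Bounds-correct even-line copy: one iteration per even row (HEIGHT / 2). */
void copy_even_lines(unsigned char *dst, const unsigned char *src)
{
    for (int i = 0; i < HEIGHT / 2; i++) {
        size_t off = (size_t)i * 2 * WIDTH;
        memcpy(dst + off, src + off, WIDTH);
    }
}

/* Copies a constructed frame; checks even rows copied and odd rows untouched. */
int even_copy_ok(void)
{
    static unsigned char src[WIDTH * HEIGHT], dst[WIDTH * HEIGHT]; /* dst starts zeroed */
    memset(src, 0xAA, sizeof src);
    copy_even_lines(dst, src);
    for (int y = 0; y < HEIGHT; y++) {
        unsigned char want = (y % 2 == 0) ? 0xAA : 0x00;
        for (int x = 0; x < WIDTH; x++)
            if (dst[(size_t)y * WIDTH + x] != want)
                return 0;
    }
    return 1;
}

int main(void)
{
    printf("first OOB iteration: %d (200 loops), %d (100 loops)\n", first_oob_iteration(200), first_oob_iteration(100));
    return even_copy_ok() ? 0 : 1;
}
```

Under these assumptions every iteration from 100 onward touches memory past the end of both buffers, which matches the invalid reads and writes the message attributes to the first Valgrind report.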
