Bug#968375: scottfree: Crashes when restoring save file

Bernhard Übelacker bernhardu at mailbox.org
Fri Aug 14 16:24:31 BST 2020


Dear Maintainer,
this fault is caused by a wrong format in a call to fscanf.

Attached a patch to fix this and remove two other warnings.

Kind regards,
Bernhard
-------------- next part --------------

# Bullseye/testing amd64 qemu VM 2020-08-14


apt update
apt dist-upgrade


apt install systemd-coredump sddm xserver-xorg openbox xterm unzip mc fakeroot quilt gdb rr scottfree scottfree-dbgsym
apt build-dep scottfree

echo 1 > /proc/sys/kernel/perf_event_paranoid



mkdir /home/benutzer/source/scottfree/orig -p
cd    /home/benutzer/source/scottfree/orig
apt source scottfree
cd


wget http://www.ifarchive.org/if-archive/scott-adams/games/scottfree/AdamsGames.zip
unzip AdamsGames.zip -d AdamsGames
cd AdamsGames/



##########


export DISPLAY=:0
scottfree adv01.dat

--------
Tell me what to do ? SAVE GAME
OK
Filename: test.sav

Saved.

Tell me what to do ? QUIT
I've stored 0  treasures.  On a scale of 0 to 100, that rates 0 .
The game is now over.
--------


##########


$ scottfree adv01.dat test.sav
*** stack smashing detected ***: <unknown> terminated
Abgebrochen (Speicherabzug geschrieben)




$ gdb -q --args scottfree adv01.dat test.sav
Reading symbols from scottfree...Reading symbols from /usr/lib/debug/.build-id/41/565267f3552c9b645ec125e201ac393874a90f.debug...done.
done.
(gdb) directory /home/benutzer/source/scottfree/orig/scottfree-1.14
Source directories searched: /home/benutzer/source/scottfree/orig/scottfree-1.14:$cdir:$cwd
(gdb) run
Starting program: /usr/games/scottfree adv01.dat test.sav
*** stack smashing detected ***: <unknown> terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7dcd535 in __GI_abort () at abort.c:79
#2  0x00007ffff7e24508 in __libc_message (action=<optimized out>, fmt=fmt@entry=0x7ffff7f2f07b "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff7eb580d in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff7f2f059 "stack smashing detected") at fortify_fail.c:28
#4  0x00007ffff7eb57c2 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x00005555555573e3 in LoadGame (name=<optimized out>) at ScottCurses.c:708
#6  0x0000555555555812 in main (argc=3, argv=0x7fffffffe578) at ScottCurses.c:1393
(gdb) up
#1  0x00007ffff7dcd535 in __GI_abort () at abort.c:79
79      abort.c: Datei oder Verzeichnis nicht gefunden.
(gdb) 
#2  0x00007ffff7e24508 in __libc_message (action=<optimized out>, fmt=fmt@entry=0x7ffff7f2f07b "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
181     ../sysdeps/posix/libc_fatal.c: Datei oder Verzeichnis nicht gefunden.
(gdb) 
#3  0x00007ffff7eb580d in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff7f2f059 "stack smashing detected") at fortify_fail.c:28
28      fortify_fail.c: Datei oder Verzeichnis nicht gefunden.
(gdb) 
#4  0x00007ffff7eb57c2 in __stack_chk_fail () at stack_chk_fail.c:29
29      stack_chk_fail.c: Datei oder Verzeichnis nicht gefunden.
(gdb) 
#5  0x00005555555573e3 in LoadGame (name=<optimized out>) at ScottCurses.c:708
warning: Source file is more recent than executable.
708     }




##########


$ rr scottfree adv01.dat test.sav
rr: Saving execution to trace directory `/home/benutzer/.local/share/rr/scottfree-0'.
*** stack smashing detected ***: <unknown> terminated
Abgebrochen



$ rr replay /home/benutzer/.local/share/rr/scottfree-0
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/games/scottfree...Reading symbols from /usr/lib/debug/.build-id/41/565267f3552c9b645ec125e201ac393874a90f.debug...done.
done.
Really redefine built-in command "restart"? (y or n) [answered Y; input not from terminal]
Remote debugging using 127.0.0.1:4913
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/.build-id/f2/5dfd7b95be4ba386fd71080accae8c0732b711.debug...done.
done.
0x00007f5521117090 in _start () from /lib64/ld-linux-x86-64.so.2
(rr) directory /home/benutzer/source/scottfree/orig/scottfree-1.14
Source directories searched: /home/benutzer/source/scottfree/orig/scottfree-1.14:$cdir:$cwd
(rr) cont
Continuing.
*** stack smashing detected ***: <unknown> terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(rr) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f5520ee4535 in __GI_abort () at abort.c:79
#2  0x00007f5520f3b508 in __libc_message (action=<optimized out>, fmt=fmt@entry=0x7f552104607b "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007f5520fcc80d in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7f5521046059 "stack smashing detected") at fortify_fail.c:28
#4  0x00007f5520fcc7c2 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x000055b1a77b53e3 in LoadGame (name=<optimized out>) at ScottCurses.c:708
#6  0x000055b1a77b3812 in main (argc=3, argv=0x7ffd75fbb208) at ScottCurses.c:1393
(rr) reverse-finish
Run back to call of #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      in ../sysdeps/unix/sysv/linux/raise.c
(rr) 
Run back to call of #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
0x00007f5520ee4530 in __GI_abort () at abort.c:79
79      abort.c: Datei oder Verzeichnis nicht gefunden.
(rr) 
Run back to call of #0  0x00007f5520ee4530 in __GI_abort () at abort.c:79
__libc_message (action=<optimized out>, fmt=fmt@entry=0x7f552104607b "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
181     ../sysdeps/posix/libc_fatal.c: Datei oder Verzeichnis nicht gefunden.
(rr) 
Run back to call of #0  __libc_message (action=<optimized out>, fmt=fmt@entry=0x7f552104607b "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
0x00007f5520fcc808 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7f5521046059 "stack smashing detected") at fortify_fail.c:28
28      fortify_fail.c: Datei oder Verzeichnis nicht gefunden.
(rr) 
Run back to call of #0  0x00007f5520fcc808 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7f5521046059 "stack smashing detected") at fortify_fail.c:28
0x00007f5520fcc7bd in __stack_chk_fail () at stack_chk_fail.c:29
29      stack_chk_fail.c: Datei oder Verzeichnis nicht gefunden.
(rr) 
Run back to call of #0  0x00007f5520fcc7bd in __stack_chk_fail () at stack_chk_fail.c:29
LoadGame (name=<optimized out>) at ScottCurses.c:708
warning: Source file is more recent than executable.
708     }
(rr) display/i $pc
1: x/i $pc
=> 0x55b1a77b53de <LoadGame+334>:       callq  0x55b1a77b3190 <__stack_chk_fail@plt>
(rr) reverse-stepi
0x000055b1a77b53a8      708     }
1: x/i $pc
=> 0x55b1a77b53a8 <LoadGame+280>:       jne    0x55b1a77b53de <LoadGame+334>
(rr) 
0x000055b1a77b539f      708     }
1: x/i $pc
=> 0x55b1a77b539f <LoadGame+271>:       xor    %fs:0x28,%rax
(rr) 
708     }
1: x/i $pc
=> 0x55b1a77b539a <LoadGame+266>:       mov    0x8(%rsp),%rax
(rr) print/x $rsp
$1 = 0x7ffd75fbb0c0
(rr) print/x $rsp + 0x8
$2 = 0x7ffd75fbb0c8
(rr) watch *0x7ffd75fbb0c8
Hardware watchpoint 1: *0x7ffd75fbb0c8
(rr) reverse-cont
Continuing.

Hardware watchpoint 1: *0x7ffd75fbb0c8

Old value = -391249920
New value = -391237888
0x00007f5520f245dc in _IO_vfscanf_internal (s=s@entry=0x55b1a8324260, format=<optimized out>, argptr=argptr@entry=0x7ffd75fbafd0, errp=errp@entry=0x0) at vfscanf.c:1895
1895    vfscanf.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f5520f245dc <_IO_vfscanf_internal+15836>: mov    %eax,(%rdx)
(rr) bt
#0  0x00007f5520f245dc in _IO_vfscanf_internal (s=s@entry=0x55b1a8324260, format=<optimized out>, argptr=argptr@entry=0x7ffd75fbafd0, errp=errp@entry=0x0) at vfscanf.c:1895
#1  0x00007f5520f2fc56 in __isoc99_fscanf (stream=0x55b1a8324260, format=<optimized out>) at isoc99_fscanf.c:34
#2  0x000055b1a77b533b in LoadGame (name=<optimized out>) at ScottCurses.c:696
#3  0x000055b1a77b3812 in main (argc=3, argv=0x7ffd75fbb208) at ScottCurses.c:1393
(rr) up
#1  0x00007f5520f2fc56 in __isoc99_fscanf (stream=0x55b1a8324260, format=<optimized out>) at isoc99_fscanf.c:34
34      isoc99_fscanf.c: Datei oder Verzeichnis nicht gefunden.
(rr) 
#2  0x000055b1a77b533b in LoadGame (name=<optimized out>) at ScottCurses.c:696
696             fscanf(f,"%ld %d %hd %d %d %hd\n",
(rr) list
691             }
692             for(ct=0;ct<16;ct++)
693             {
694                     fscanf(f,"%d %d\n",&Counters[ct],&RoomSaved[ct]);
695             }
696             fscanf(f,"%ld %d %hd %d %d %hd\n",
697                     &BitFlags,&DarkFlag,&MyLoc,&CurrentCounter,&SavedRoom,
698                     &GameHeader.LightTime);
699             /* Backward compatibility */
700             if(DarkFlag)



##########



https://buildd.debian.org/status/fetch.php?pkg=scottfree&arch=amd64&ver=1.14-10%2Bb1&stamp=1525522418&raw=0

ScottCurses.c: In function 'LoadGame':
ScottCurses.c:696:17: warning: format '%d' expects argument of type 'int *', but argument 4 has type 'short int *' [-Wformat=]
  fscanf(f,"%ld %d %hd %d %d %hd\n",
                ~^
                %hd
   &BitFlags,&DarkFlag,&MyLoc,&CurrentCounter,&SavedRoom,
             ~~~~~~~~~
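The listing above and the -Wformat warning pin the crash to one thing: the "%d" in position 4 of the format string stores sizeof(int) bytes, but &MyLoc points at a short, so the extra bytes land on whatever the compiler placed next to it on the stack, here the canary that __stack_chk_fail later checks. The following is an added, stand-alone C example written for this page; it is not the reporter's attached patch (which is not shown here) and not scottfree's own code. It first measures how many bytes each conversion stores, then shows a corrected parse of the same save-file line with a "%hd" for the short fields and a check of the conversion count, which the original fscanf call ignores. The struct field names and the choice of which fields are short are assumptions read off the format string, not taken from ScottCurses.c.

```c
#include <stdio.h>
#include <string.h>

/* Counts how many bytes one scanf conversion stores into an 8-byte union
   filled with a sentinel. wide != 0 scans "%d" into the int member,
   wide == 0 scans "%hd" into the short member. The difference is exactly
   the overrun a "%d" aimed at a short variable produces. */
size_t bytes_stored_by_conversion(int wide)
{
    union { int i; short s; unsigned char raw[8]; } u;
    memset(u.raw, 0xAA, sizeof u.raw);   /* sentinel: 0xAA in every byte */
    if (wide)
        sscanf("-1", "%d", &u.i);        /* stores 0xFF over sizeof(int) bytes */
    else
        sscanf("-1", "%hd", &u.s);       /* stores 0xFF over sizeof(short) bytes */

    size_t touched = 0;
    for (size_t k = 0; k < sizeof u.raw; k++)
        if (u.raw[k] != 0xAA)
            touched++;
    return touched;
}

/* Variables the save-file state line feeds, with widths matching the
   corrected format "%ld %d %hd %d %d %hd". Names are assumed for this
   example; the two short fields correspond to MyLoc and LightTime. */
struct save_state {
    long  bit_flags;
    int   dark_flag;
    short my_loc;
    int   current_counter;
    int   saved_room;
    short light_time;
};

/* Parses one state line. Returns 1 on success, 0 if fewer than six fields
   were converted. Parsing into a temporary keeps the caller's state intact
   on a truncated or corrupted line, which the unchecked fscanf did not. */
int parse_state_line(const char *line, struct save_state *st)
{
    struct save_state tmp;
    int n = sscanf(line, "%ld %d %hd %d %d %hd",
                   &tmp.bit_flags, &tmp.dark_flag, &tmp.my_loc,
                   &tmp.current_counter, &tmp.saved_room, &tmp.light_time);
    if (n != 6)
        return 0;
    *st = tmp;
    return 1;
}

int main(void)
{
    printf("%%d stores %zu bytes, %%hd stores %zu bytes\n",
           bytes_stored_by_conversion(1), bytes_stored_by_conversion(0));

    /* constructed sample line in the layout LoadGame() reads */
    struct save_state st;
    if (parse_state_line("1024 0 11 0 0 125", &st))
        printf("loc=%d light=%d\n", st.my_loc, st.light_time);
    if (!parse_state_line("1024 0 11", &st))
        printf("truncated line rejected\n");
    return 0;
}
```

On amd64 the first function reports 4 bytes for "%d" and 2 for "%hd"; the two surplus bytes are what overwrote the canary next to MyLoc. Compiling with -Wformat (on by default with -Wall) flags this class of mismatch at build time, as the buildd log above shows, so treating that warning as an error is a cheap guard.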



##########



cd /home/benutzer/source/scottfree
cp orig try1 -a
cd try1/scottfree-1.14
dpkg-buildpackage -b



