Bug#478213: powermanga: random segfault after upgrade to 0.90
Kalle Olavi Niemitalo
kon at iki.fi
Sat Dec 19 11:58:30 UTC 2009
I got two segfaults in powermanga 0.90-dfsg-2 today,
on amd64. For the second of them, I had gdb waiting.
I don't have exact symbols but the crash appears
to be a null pointer dereference in shot_display():
bullet->spr.trajectory is 1 (homing),
and bullet->img_old_angle and bullet->spr.numof_images
are both 32; that means bullet->img_old_angle
is out of range. The function then dereferences
bullet->spr.img[bullet->img_old_angle], which is NULL.
In shot_display(), there is code that tries to keep
bullet->img_angle within range. I suppose the
bullet->img_old_angle assignment should be moved below that.
(I think the crash in the coordinate calculation could
alternatively be fixed by using bullet->img_angle there
instead of img_old_angle, but the out-of-range value
would then just cause a similar crash elsewhere.)
While looking at this, I found some suspicious code in
shots_handle() too. Namely, there is one place where
it calls shot_delete and then decrements i. It seems
this could cause it to run past the end of the linked list.
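The two problems the report describes, the frame index captured before it is wrapped back into range and the delete-while-iterating walk, as an added illustration that is not powermanga's own code. The field names (spr.trajectory, spr.numof_images, spr.img, img_angle, img_old_angle) follow the report; the structs, the IMG_SLOTS capacity and the functions wrap_angle, frame_at, display_buggy, display_fixed, shots_push and shots_purge are hypothetical stand-ins, and the image table holds constructed placeholder strings.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration for Bug#478213; hypothetical structs, not the game's. */
#define IMG_SLOTS 64          /* table capacity; only numof_images slots are filled */

struct sprite {
    int trajectory;           /* 1 = homing, as in the report */
    int numof_images;         /* valid frames are img[0 .. numof_images-1] */
    const char *img[IMG_SLOTS]; /* unused slots stay NULL */
};

struct bullet {
    struct sprite spr;
    int img_angle;            /* current frame index */
    int img_old_angle;        /* frame index used for the coordinate calculation */
    int dead;                 /* used by the linked-list example below */
    struct bullet *next;
};

/* Wrap an angle index back into [0, numof_images). */
static int wrap_angle(int angle, int numof_images)
{
    if (angle >= numof_images) angle -= numof_images;
    else if (angle < 0) angle += numof_images;
    return angle;
}

/* Bounds-checked frame lookup: NULL instead of indexing past the filled part. */
static const char *frame_at(const struct sprite *s, int idx)
{
    if (idx < 0 || idx >= s->numof_images) return NULL;
    return s->img[idx];
}

/* Ordering the report describes: img_old_angle is captured before the wrap,
 * so stepping from frame 31 to 32 stores an index that selects a NULL slot. */
static const char *display_buggy(struct bullet *b, int step)
{
    b->img_angle += step;
    b->img_old_angle = b->img_angle;                 /* captured too early */
    b->img_angle = wrap_angle(b->img_angle, b->spr.numof_images);
    return frame_at(&b->spr, b->img_old_angle);      /* NULL when 32 */
}

/* Fix the report suggests: capture img_old_angle only after the wrap. */
static const char *display_fixed(struct bullet *b, int step)
{
    b->img_angle += step;
    b->img_angle = wrap_angle(b->img_angle, b->spr.numof_images);
    b->img_old_angle = b->img_angle;                 /* always in range */
    return frame_at(&b->spr, b->img_old_angle);
}

/* Homing bullet with numof_images frames, filled with constructed placeholders. */
static void bullet_init(struct bullet *b, int numof_images)
{
    memset(b, 0, sizeof *b);
    b->spr.trajectory = 1;
    b->spr.numof_images = numof_images;
    for (int i = 0; i < numof_images && i < IMG_SLOTS; i++)
        b->spr.img[i] = "frame";
}

/* Reproduce the reported state (frame 31 of 32, step by one) under both
 * orderings. Returns 1 when the buggy path yields NULL with img_old_angle 32
 * and the fixed path yields a frame with img_old_angle wrapped to 0. */
static int demo_angle_wrap(void)
{
    struct bullet b;
    bullet_init(&b, 32);
    b.img_angle = 31;
    const char *buggy = display_buggy(&b, 1);
    int buggy_null = (buggy == NULL) && b.img_old_angle == 32;

    bullet_init(&b, 32);
    b.img_angle = 31;
    const char *fixed = display_fixed(&b, 1);
    int fixed_ok = (fixed != NULL) && b.img_old_angle == 0;
    return buggy_null && fixed_ok;
}

/* Push a bullet onto the front of a singly linked list. */
static struct bullet *shots_push(struct bullet **head, int dead)
{
    struct bullet *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->dead = dead;
    b->next = *head;
    *head = b;
    return b;
}

/* Remove every dead bullet without skipping a node or walking past the end:
 * the pointer-to-pointer walk needs no index to decrement after a delete.
 * Returns the number of live bullets that remain. */
static int shots_purge(struct bullet **head)
{
    struct bullet **link = head;
    int live = 0;
    while (*link) {
        struct bullet *cur = *link;
        if (cur->dead) {
            *link = cur->next;   /* unlink; *link now names the successor */
            free(cur);
        } else {
            live++;
            link = &cur->next;
        }
    }
    return live;
}

/* Four bullets, two of them dead (constructed input); returns live count. */
static int demo_purge(void)
{
    struct bullet *head = NULL;
    shots_push(&head, 1);
    shots_push(&head, 0);
    shots_push(&head, 1);
    shots_push(&head, 0);
    int live = shots_purge(&head);
    while (head) { struct bullet *n = head->next; free(head); head = n; }
    return live;
}

int main(void)
{
    printf("angle demo: %s\n", demo_angle_wrap() ? "buggy=NULL, fixed=ok" : "unexpected");
    printf("live bullets after purge: %d\n", demo_purge());
    return 0;
}
```

The frame lookup goes through frame_at so the buggy ordering is observable as a NULL return rather than an out-of-bounds read; in the real function the same index would be dereferenced directly, which is the crash in the report.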