Bug#514463: Poor bounds checking causes abnormal exits or crashes

Bas Wijnen wijnen at debian.org
Sun Feb 8 10:45:19 UTC 2009


Hello,

On Sat, Feb 07, 2009 at 05:01:39PM -0500, anomie at users.sourceforge.net wrote:
> There are small regions to the right of and below the grid that cause
> gfpoken to fail when they are clicked, due to poor bounds checking in
> the click event handlers.

Thanks for reporting this.  I think I have fixed the problem, but since
I couldn't reproduce everything you mentioned, I'd appreciate it if you
checked as well.

The fix is in a new release, 0.32, which should appear in the download
section of https://savannah.nongnu.org/projects/gfpoken/ shortly.

If it takes too long, you can also get them from:
http://a82-93-13-222.adsl.xs4all.nl/~shevek/gfpoken-0.32.tar.gz
http://a82-93-13-222.adsl.xs4all.nl/~shevek/gfpoken-0.32.tar.gz.sig

For building, first make sure you have all build-depends installed
(apt-get build-dep gfpoken; apt-get install build-essential).  Then do:
./autogen.sh --prefix=/tmp/gfpoken
make
make install

Due to the writable prefix, you don't need root permissions for this.
(You do need them for installing the build-depends.)  Then to test:
/tmp/gfpoken/bin/gfpoken

> For example:
> 1. Clicking the right region in line with the top row of the grid
>    manipulates the second cell in the second row of the grid; in a grid
>    with five columns numbered 0-4, that click tried to manipulate column
>    *6* which wrapped in the linear array in memory. 

This makes sense when looking at the code, but I didn't see it happen on
my system.

> 2. Clicking the right region in line with the bottom row, or the bottom
>    region in line with any of the columns, results in an exit with
>    "BUG: unknown case in nextobj" or a SEGV. In this case, it tried to
>    manipulate a cell off the edge of the grid and hence off the end of
>    the memory array.

I did see this, and it is fixed in the new version.

> 3. Clicking either region in line with the "ball rolling" areas results
>    in corrupted graphics (as if a ball is rolling through the
>    out-of-bounds region) followed by an exit with a "Hash overrun"
>    message.

This as well.

> It seems the mouse button event handlers need to do better checking for
> out-of-bounds values, and/or the grid widget needs to size itself
> correctly so these regions don't exist.

I've added the bound checks; it's more robust against later changes. :-)

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://a82-93-13-222.adsl.xs4all.nl/e-mail.html
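The mechanism the reporter describes (a click-to-cell mapping with no range check, so a column index past the last column wraps into the next row of the linear array or off its end) is easy to reproduce in isolation. The following is an added, constructed example and not gfpoken's own code: the grid size, cell size, widget slack and all function names are hypothetical. It places the unchecked mapping beside a checked one that rejects out-of-grid clicks, which is the kind of fix the reply refers to.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed example, not gfpoken's code. A COLS x ROWS grid of cells is
 * stored in one linear array and drawn at CELL pixels per cell. The widget
 * is deliberately a little larger than the grid, which produces the small
 * clickable regions to the right of and below the grid from the report. */
#define COLS 5
#define ROWS 4
#define CELL 32
#define WIDGET_W (COLS * CELL + 40)   /* slack to the right of the grid */
#define WIDGET_H (ROWS * CELL + 40)   /* slack below the grid */

static int grid[COLS * ROWS];          /* cell state, row-major */

/* "Before": pixel coordinates to linear index with no range check.
 * A click at x >= COLS*CELL yields col >= COLS, so row*COLS + col lands in
 * the next row (report item 1) or, from the bottom row, past the end of
 * the array (report item 2). */
int cell_index_unchecked(int x, int y) {
    int col = x / CELL;
    int row = y / CELL;
    return row * COLS + col;
}

/* "After": reject anything outside the grid and return -1 so the caller
 * can ignore the click instead of indexing the array. */
int cell_index_checked(int x, int y) {
    if (x < 0 || y < 0) return -1;
    int col = x / CELL;
    int row = y / CELL;
    if (col >= COLS || row >= ROWS) return -1;
    return row * COLS + col;
}

/* Hardened click handler: touches the array only for a valid index.
 * Returns true when a cell was toggled, false when the click was dropped. */
bool on_click(int x, int y) {
    int idx = cell_index_checked(x, y);
    if (idx < 0) return false;
    grid[idx] ^= 1;                    /* toggle the cell */
    return true;
}

int main(void) {
    /* Click in the slack region right of the top row (x = 6 * CELL). */
    int x = 6 * CELL, y = 0;
    printf("widget %dx%d, grid %dx%d cells\n", WIDGET_W, WIDGET_H, COLS, ROWS);
    printf("unchecked index for (%d,%d): %d (row %d, col %d in memory)\n",
           x, y, cell_index_unchecked(x, y),
           cell_index_unchecked(x, y) / COLS, cell_index_unchecked(x, y) % COLS);
    /* Same column, bottom row: index past the end of the array. */
    y = (ROWS - 1) * CELL;
    printf("unchecked index for (%d,%d): %d (array has %d cells)\n",
           x, y, cell_index_unchecked(x, y), COLS * ROWS);
    printf("checked handler accepted click: %s\n",
           on_click(x, y) ? "yes" : "no");
    return 0;
}
```

With five columns, a click one cell to the right of column 4 computes column 6; index 6 in row-major order is row 1, column 1, exactly the "second cell in the second row" the report observed. The checked mapping returns -1 for both the wrapped and the off-the-end cases, so the handler never indexes the array with an out-of-range value.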