Bug#478213: [PATCH] Powermanga segfault due to array overrun
H. S. Teoh
hsteoh at debian.org
Tue Dec 27 05:25:56 UTC 2011
Hi All,
I've been experiencing sporadic segfaults as well over the years, and
finally today I caught it while running powermanga (with full debugging
symbols) under gdb. I can confirm that what Kalle Olavi Niemitalo said
is correct: img_old_angle is assigned the value of img_angle before
img_angle is clipped by the array bounds, so there is a possibility of
it being out of bounds.
Here's a patch to fix this bug:
--- tmp/powermanga-0.90.orig/src/shots.c 2007-08-24 00:55:17.000000000 -0700
+++ powermanga-0.90-dfsg/src/shots.c 2011-12-26 21:10:28.000000000 -0800
@@ -447,8 +447,6 @@
{
bullet->img_angle = (Sint16) (bullet->angle / PI_SUR_16);
}
- /* save current angle for the calculation of the next angle */
- bullet->img_old_angle = bullet->img_angle;
/* avoid negative indexes */
bullet->img_angle = (Sint16) abs (bullet->img_angle);
/* avoid a shot angle higher than the number of images */
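Review bot: With the save removed from this position, img_old_angle will no longer hold the raw value of img_angle but the value after the abs() call on the "avoid negative indexes" line, so the sign of the angle is lost before it is stored. Please confirm that the "calculation of the next angle" mentioned in the removed comment does not depend on a negative img_old_angle; if it does, the alternative is to keep the save here and bound the value at the point where img_old_angle is used as an index.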
@@ -456,6 +454,8 @@
{
bullet->img_angle = (Sint16) (bullet->spr.numof_images - 1);
}
+ /* save current angle for the calculation of the next angle */
+ bullet->img_old_angle = bullet->img_angle;
/* draw the shot sprite */
draw_sprite (bullet->spr.
img[bullet->img_angle],
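Review bot: The value now saved into img_old_angle is whatever the clamp above produces, and that clamp assigns bullet->spr.numof_images - 1, which is -1 if numof_images is ever 0; both img_angle and img_old_angle would then be negative and img[bullet->img_angle] in the draw_sprite call would still index out of bounds. Consider guarding against an empty image set before this point, and update the moved comment to say that the clamped angle is what gets saved, since that is the behavioural change this patch relies on.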
Please apply the patch and upload. Thanks!! :)
T
--
Change is inevitable, except from a vending machine.