Bug#785109: Asylum crashes in Psyche level

Peter De Wachter pdewacht at gmail.com
Wed May 13 11:40:35 UTC 2015


Hi Hugh,

As you might remember, some years ago I packaged SDL Asylum for Debian.
Yesterday I received a bug report that the game crashes at the end of the
second level. I recompiled the game with "-fsanitize=address,undefined"
which discovered a stray pointer in the collision detection code, seemingly
always involving the alien2 function. This seems a likely cause for random
crashes... A typical backtrace looks like this:

==29192==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f1eceab9647 at pc 0x40f2d9 bp 0x7fffa1788110 sp 0x7fffa1788108
READ of size 1 at 0x7f1eceab9647 thread T0
    #0 0x40f2d8 in albcheck(alent*) /home/pdewacht/asylum/asylum-0.3.2/alien.c:1554
    #1 0x41a26b in alien2(alent*) /home/pdewacht/asylum/asylum-0.3.2/alien.c:353
    #2 0x4215df in moval() /home/pdewacht/asylum/asylum-0.3.2/alien.c:102
    #3 0x4230ad in game() /home/pdewacht/asylum/asylum-0.3.2/asylum.c:168
    #4 0x4235c4 in init() /home/pdewacht/asylum/asylum-0.3.2/asylum.c:89
    #5 0x402d83 in main /home/pdewacht/asylum/asylum-0.3.2/asylum.c:488
    #6 0x7f1edf2a0b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #7 0x402f24 (/home/pdewacht/asylum/asylum-0.3.2/asylum+0x402f24)

0x7f1eceab9647 is located 441 bytes to the left of 147456-byte region [0x7f1eceab9800,0x7f1eceadd800)
allocated by thread T0 here:
    #0 0x7f1ee15a674f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5474f)
    #1 0x428e32 in loadhammered(char**, char*, char*) /home/pdewacht/asylum/asylum-0.3.2/file.c:167

Both the original submitter and I found some other problems, patches for
which are attached. They're probably not related to the crash the submitter
experienced though.

Best regards,
Peter De Wachter
Attached patches (non-text attachments, scrubbed by the list archive):

- 0001-wipealtab-bounds-check.patch (text/x-diff, 595 bytes)
  <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20150513/6215f982/attachment-0005.patch>
- 0002-swi_osfile-fix-EOF-handling.patch (text/x-diff, 792 bytes)
  <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20150513/6215f982/attachment-0006.patch>
- 0003-loadconfig-fix-scanf-buffer-overflow.patch (text/x-diff, 710 bytes)
  <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20150513/6215f982/attachment-0007.patch>
- 0004-swi_blitz_hammerop-missing-fclose.patch (text/x-diff, 773 bytes)
  <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20150513/6215f982/attachment-0008.patch>
- 0005-dropprivs-add-error-checking.patch (text/x-diff, 795 bytes)
  <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20150513/6215f982/attachment-0009.patch>
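The report above says the 1-byte read landed 441 bytes before a 147456-byte heap region, which is the signature of a lookup indexed by a coordinate that went negative (or otherwise out of range) before being used. The following C program is an added illustration of that bug class and of how to read such a report; it is not code from SDL Asylum, and nothing in it is taken from albcheck or loadhammered. It assumes a constructed row-major byte map of 256 by 576 bytes (chosen only because 256 * 576 equals the 147456-byte region size), so that a read at the hypothetical coordinates (71, -2) lands exactly 441 bytes to the left of the allocation, and it puts a bounds-checked lookup beside the unchecked one. Build it with `-fsanitize=address,undefined -g` to see the same style of report as the one quoted in the mail.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not the game's real map layout: a row-major byte
 * map whose total size matches the 147456-byte region in the ASan report
 * (256 * 576 == 147456).  The real dimensions are unknown; these are assumed. */
#define MAP_W 256
#define MAP_H 576
#define MAP_BYTES (MAP_W * MAP_H)

/* Signed byte offset a read at tile (x, y) would have from the start of the
 * region.  A negative result is what ASan prints as "N bytes to the left of"
 * the allocation; with the assumed width, (71, -2) gives -441. */
long map_offset(int x, int y)
{
    return (long)y * MAP_W + x;
}

/* Unchecked lookup: the shape of code that produces a heap-buffer-overflow
 * READ of size 1 when x or y wander outside the map.  Calling it with an
 * out-of-range coordinate is undefined behaviour, so the demo only does so
 * when explicitly asked via argv[1] (run under ASan to see the report). */
unsigned char tile_unchecked(const unsigned char *map, int x, int y)
{
    return map[y * MAP_W + x];
}

/* Bounds-checked lookup: rejects out-of-range coordinates instead of reading
 * whatever happens to sit around the allocation.  Out-of-range is reported
 * as 0xff (treat as solid) so collision code fails closed rather than open. */
int tile_checked(const unsigned char *map, int x, int y, unsigned char *out)
{
    if (x < 0 || x >= MAP_W || y < 0 || y >= MAP_H) {
        *out = 0xff;
        return 0;
    }
    *out = map[(long)y * MAP_W + x];
    return 1;
}

/* Allocate a zeroed map with one marked tile at (5, 10); constructed data. */
unsigned char *make_map(void)
{
    unsigned char *m = malloc(MAP_BYTES);
    if (!m)
        return NULL;
    memset(m, 0, MAP_BYTES);
    m[10 * MAP_W + 5] = 7;
    return m;
}

int main(int argc, char **argv)
{
    unsigned char *map = make_map();
    unsigned char t;
    if (!map)
        return 1;

    printf("offset of (71,-2): %ld bytes\n", map_offset(71, -2));
    tile_checked(map, 5, 10, &t);
    printf("checked (5,10) -> %u\n", t);
    tile_checked(map, 71, -2, &t);
    printf("checked (71,-2) -> 0x%02x (rejected)\n", t);

    /* Only with an argument: trigger the unchecked read so ASan reports it. */
    if (argc > 1 && strcmp(argv[1], "crash") == 0)
        printf("unchecked (71,-2) -> %u\n", tile_unchecked(map, 71, -2));

    free(map);
    return 0;
}
```

Running `./a.out crash` under AddressSanitizer should report a 1-byte READ 441 bytes to the left of the 147456-byte region, with tile_unchecked and make_map (here standing in for the game's lookup and loader) in the two backtraces; the checked variant never touches memory outside the allocation.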