Complete.Org: Mailing Lists: Archives: freeciv-dev: July 2005:
[Freeciv-Dev] (PR#13458) horrendous buffer underflows in mapgen.c

[Freeciv-Dev] (PR#13458) horrendous buffer underflows in mapgen.c

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

Subject:	[Freeciv-Dev] (PR#13458) horrendous buffer underflows in mapgen.c
From:	"Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>
Date:	Tue, 12 Jul 2005 09:19:29 -0700
Reply-to:	bugs@xxxxxxxxxxx

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=13458 >

mapgen.c is rife with buffer underflows.  The problem is it does all
sorts of lookups on terrains of type T_UNKNOWN.  This doesn't normally
cause any assertion because there's no bounds check in get_terrain.  And
it doesn't cause a valgrind error because the terrains array is static
(not on the heap or the stack) so (on my machine anyway) it's not an
invalid read.

With the attached patch however you can see the error.  The assertion
fails a lot, and in other places valgrind will probably give warnings.

This is a bug in 2.0 and the development version.  PR#13442 addresses it
to some extent for the development version.

-jason

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] (PR#13458) horrendous buffer underflows in mapgen.c, Jason Short <=
- [Freeciv-Dev] (PR#13458) horrendous buffer underflows in mapgen.c, Jason Short, 2005/07/14

Prev by Date: [Freeciv-Dev] Re: (PR#13442) access terrains by pointer
Next by Date: [Freeciv-Dev] (PR#13459) Yet another crash
Previous by thread: [Freeciv-Dev] Re: (PR#13442) access terrains by pointer
Next by thread: [Freeciv-Dev] (PR#13458) horrendous buffer underflows in mapgen.c
Index(es):
- Date
- Thread