#53 Lgeneral crash on campaign

Status: closed-duplicate
Owner: nobody
Labels: None
Priority: 5
Updated: 2010-09-20
Created: 2010-01-02
Creator: Anonymous
Private: No

Hi. With the new 1.2beta-14 version on Ubuntu 9.10 I can play scenarios, but campaigns fail after selecting the "PG" campaign and clicking "OK".

This is what it prints: I've removed sound support.

*** buffer overflow detected ***: lgeneral terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f231190d5f7]
/lib/libc.so.6[0x7f231190c5a0]
/lib/libc.so.6[0x7f231190ba09]
/lib/libc.so.6(_IO_default_xsputn+0x98)[0x7f231188a448]
/lib/libc.so.6(_IO_vfprintf+0x3972)[0x7f231185e712]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f231190baa9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f231190b9ef]
lgeneral[0x4248fa]
lgeneral[0x42bb13]
lgeneral[0x430b5d]
lgeneral[0x402c31]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f2311834abd]
lgeneral[0x402749]

Discussion

  • Solved the problem by changing line 162 in campaign.c to

    char path[512], str[1512];

    (i.e. increase the size of the str array)

    So that should be easy to update in the source code.

  • Michael Speck
    2010-09-20

    • status: open --> closed-duplicate
  • Michael Speck
    2010-09-20

    The fortify hook makes this look like a duplicate of bug 2486732, which has been fixed by now.
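The backtrace shows glibc's `__sprintf_chk` aborting, so the crash is a `sprintf()` into the fixed-size `str[]` on line 162 overrunning its array. Enlarging the array, as the first comment proposes, only moves the limit. The following is an added example (not LGeneral's code; the path pieces and the `build_path` helper are assumptions) showing the bounded form that rejects an over-long result instead of overflowing:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded replacement for the sprintf() behind campaign.c
 * line 162 (added here; not LGeneral's code). The original formats into a
 * fixed str[] with sprintf(); glibc's _FORTIFY_SOURCE hook (__sprintf_chk
 * in the backtrace) aborts once the output exceeds the array. Enlarging
 * the array only moves the limit; a bounded write removes the overflow. */

/* Joins dir and file into dst (dstsz bytes). Returns the length written
 * (without the NUL) or -1 if the result would not fit. dst is always
 * NUL-terminated and is emptied on failure so a truncated path is never
 * used by accident. */
int build_path(char *dst, size_t dstsz, const char *dir, const char *file)
{
    if (dstsz == 0)
        return -1;
    int n = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return n;
}

/* Reproduces the failing shape from the ticket without overflowing: a
 * 512-byte destination (the original str[512]) and a constructed overlong
 * directory name. Returns 1 if the bounded call rejected the input. */
int overlong_input_is_rejected(void)
{
    char dir[600];
    memset(dir, 'a', sizeof dir - 1);
    dir[sizeof dir - 1] = '\0';
    char str[512];
    return build_path(str, sizeof str, dir, "pg") == -1 && str[0] == '\0';
}

int main(void)
{
    char str[512];
    /* constructed sample paths, not LGeneral's real install layout */
    int n = build_path(str, sizeof str, "/usr/local/share/lgeneral", "campaigns/pg");
    printf("%d %s\n", n, str);
    printf("overlong input rejected: %d\n", overlong_input_is_rejected());
    return 0;
}
```

Built with `-D_FORTIFY_SOURCE=2 -O2`, the original `sprintf()` would still abort on the over-long input; the bounded version returns -1 and the caller can report the bad path instead.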