
#667 Savegame buffer overrun

Occasionally occurs
closed-fixed
None
5
2020-11-20
2020-10-12
No

Tested with Doom Legacy SVN revision 1549.
WAD file "Antaresian Reliquary" (labeled as Boom compatible):
https://doomworld.com/idgames/levels/doom2/Ports/a-c/anta_req

How to reproduce:
At the start of Map 4: Do not move (monsters don't wake up), save the game immediately.

On Linux/PowerPC (big endian):
This will crash the engine with a Segmentation fault (I have tried it multiple times; it crashed on every attempt).
See below for the backtrace.

$ doomlegacy -game doom2 -file /usr/pkg/share/doom/ANTA_REQ.wad -warp 4
|
| [No move, try to save game]
| Program terminated with signal SIGSEGV, Segmentation fault.
| #0 0x0fb61240 in ?? () from /lib/powerpc-linux-gnu/libc.so.6
| [...]
| (gdb) backtrace
| #0 0x0fb61240 in ?? () from /lib/powerpc-linux-gnu/libc.so.6
| #1 0x0fb60fc0 in memcpy () from /lib/powerpc-linux-gnu/libc.so.6
| #2 0x100b95a4 in memcpy (__len=36, __src=0xf5c32308, __dest=<optimized out>) at /usr/include/powerpc-linux-gnu/bits/string3.h:52
| #3 P_ArchiveThinkers () at p_saveg.c:2156
| #4 P_Savegame_Save_game () at p_saveg.c:3812
| #5 0x10098b84 in G_DoSaveGame (savegameslot=savegameslot@entry=4, savedescription=savedescription@entry=0xff946218 "y") at g_game.c:2747
| #6 0x100c1640 in Got_NetXCmd_SaveGame_cmd (xc=0xff946258) at d_netcmd.c:1070
| #7 0x100c51ec in ExtraDataTicker () at d_clisrv.c:969
| #8 0x100c953c in TryRunTics (realtics=<optimized out>) at d_clisrv.c:5820
| #9 0x100cfa40 in D_DoomLoop () at d_main.c:967
| #10 0x10003384 in main (argc=<optimized out>, argv=<optimized out>) at sdl/i_main.c:86

On NetBSD/amd64 there is no Segmentation fault, but the error messages below:
|
| [...]
| Warn: P_SpawnMapthing: Unknown type 143 at (128, 0)
| Warn: Savegame buffer overrun, need 321171
| Warn: Savegame buffer overrun, need 321174
| Warn: Savegame buffer overrun, need 321180
| Warn: Savegame buffer overrun, need 321207
| Warn: Savegame buffer overrun, need 321209

Discussion

  • Wesley Johnson

    Wesley Johnson - 2020-11-20
    • status: open --> closed-fixed
    • assigned_to: Wesley Johnson
     
  • Wesley Johnson

    Wesley Johnson - 2020-11-20

    Badly placed check for buffer overrun. Was skipped by continue stmts in same loop.
    Moved the check to top of the loop, so it cannot be skipped.
    Max buffer usage is now 67K, which is half of savebuffer.
    Fixed svn 1553.
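The misplaced check described in the comment above, modeled as an added example that is not Doom Legacy's code: a toy archiving loop with the overrun check at the bottom (bypassed by `continue`) beside the same loop with the check moved to the top. The 256-byte buffer, the `kind` field, the `thinker_t`/`writer_t` types and the ten-record input are constructed assumptions; only the 36-byte record length is taken from the backtrace.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of a thinker-archiving loop, not Doom Legacy's p_saveg.c. */
#define SAVEBUFFER_SIZE 256   /* toy size; the engine's buffer is much larger */
#define RECORD_SIZE 36        /* matches __len=36 in the backtrace's memcpy frame */

typedef struct { int kind; unsigned char payload[RECORD_SIZE]; } thinker_t;
typedef struct {
    unsigned char buf[SAVEBUFFER_SIZE];
    size_t used;          /* write cursor, like save_p - savebuffer */
    size_t need;          /* what an unchecked memcpy would have required */
    int check_fired;      /* did the overrun check ever run and trip? */
} writer_t;

/* Bounded stand-in for memcpy: records the overrun instead of writing past the buffer. */
static void put_record(writer_t *w, const unsigned char *src) {
    w->need = w->used + RECORD_SIZE;
    if (w->need <= SAVEBUFFER_SIZE) memcpy(w->buf + w->used, src, RECORD_SIZE);
    w->used += RECORD_SIZE;
}

/* Before the fix: the check sits at the bottom of the loop, and the archived
 * kind continues right after its write, so the check is never reached for it. */
static int archive_before(writer_t *w, const thinker_t *th, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (th[i].kind == 1) { put_record(w, th[i].payload); continue; }
        if (w->used + RECORD_SIZE > SAVEBUFFER_SIZE) { w->check_fired = 1; break; }
    }
    return w->check_fired;
}

/* After the fix: the check is the first statement of the loop body, so no
 * branch can bypass it and put_record only runs when the record fits. */
static int archive_after(writer_t *w, const thinker_t *th, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (w->used + RECORD_SIZE > SAVEBUFFER_SIZE) { w->check_fired = 1; break; }
        if (th[i].kind == 1) { put_record(w, th[i].payload); continue; }
    }
    return w->check_fired;
}

/* Constructed input: ten archived thinkers (360 bytes) against a 256-byte buffer. */
static int run(int fixed, size_t *used_out) {
    thinker_t th[10] = {0};
    writer_t w = {0};
    for (int i = 0; i < 10; i++) th[i].kind = 1;
    int fired = fixed ? archive_after(&w, th, 10) : archive_before(&w, th, 10);
    if (used_out) *used_out = w.used;
    return fired;
}
int demo_fired(int fixed) { return run(fixed, NULL); }
size_t demo_used(int fixed) { size_t u; run(fixed, &u); return u; }
```

With the check at the bottom the cursor runs to 360 bytes without the check ever tripping, which is the "need N" situation in the NetBSD warnings; with the check at the top it trips before the eighth record and the cursor stops at 252.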

     
