Segfault in map.h line 208 caused by invalid map size 0x0 #2135
Comments
corvuscorax@... uploaded file backtrace file
Buginator changed status from
Buginator changed resolution from `` to
Buginator commented (In [11585]) Add checks to maps that are too small. fixes #2135
Buginator commented Nice details, thanks, it is appreciated!
corvuscorax@... commented Replying to Warzone2100/old-trac-import#2135 (comment:2):
Cool no worries :) But I think you forgot to put a
in map.c line 284
svnsync commented (In [11587]) Missed a free(). Thanks to corvuscorax for the heads-up!
buginator <buginator@...> commented (In Warzone2100/warzone2100@baab97f) Add checks to maps that are too small. fixes #2135 git-svn-id: https://warzone2100.svn.sourceforge.net/svnroot/warzone2100/branches/2.3@11585 4a71c877-e1ca-e34f-864e-861f7616d084
buginator <buginator@...> commented In Warzone2100/warzone2100@baab97f:
Buginator commented Add checks to maps that are too small. fixes #2135 git-svn-id: https://warzone2100.svn.sourceforge.net/svnroot/warzone2100/branches/2.3@11585 4a71c877-e1ca-e34f-864e-861f7616d084
keyword_segfault_map_size_invalid
resolution_fixed
type_bug
by corvuscorax@...
map.h line 208:
According to backtrace it was called from
map_Height(), map.c, line 1190
which in turn was called from
moveUpdateDroid(), move.c, line 3000,
the invalid tile pointer came from:
The way these checks are written, an invalid map with size mapwidth=0 and mapheight=0 as encountered in this network game led to the check:
calculating the pointer as
SEGFAULT!
Though apart from the assertions handling this fatal case incorrectly, a map with 0x0 size shouldn't have been loaded in the first place!
Please someone add a check after map download and parsing.
Issue migrated from trac:2135 at 2022-04-16 06:35:00 -0700
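The report above asks for a size check after map download and parsing, and the fix commits add a too-small check plus a `free()` on the rejection path. The following is an added example of that kind of validation with a checked tile accessor; it is not Warzone 2100 code and not from this thread. The header layout, the limits `MAP_MIN_DIM` and `MAP_MAX_DIM`, and all type and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits and layout for this example; not Warzone 2100's values. */
#define MAP_MIN_DIM 1u
#define MAP_MAX_DIM 256u

typedef struct { uint8_t height; } Tile;
typedef struct { uint32_t width, height; Tile *tiles; } Map;

/* Read a little-endian u32 from untrusted bytes. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a constructed format: width, height, then width*height tile bytes.
 * Returns 0 on success, -1 on rejection; nothing stays allocated on failure. */
int map_load(const uint8_t *buf, size_t len, Map *out)
{
    memset(out, 0, sizeof *out);
    if (buf == NULL || len < 8) return -1;
    uint32_t w = rd32(buf), h = rd32(buf + 4);
    /* Reject degenerate (0x0) and oversized maps before any allocation. */
    if (w < MAP_MIN_DIM || h < MAP_MIN_DIM || w > MAP_MAX_DIM || h > MAP_MAX_DIM)
        return -1;
    size_t count = (size_t)w * h;        /* bounded by MAP_MAX_DIM squared */
    Tile *tiles = malloc(count * sizeof *tiles);
    if (tiles == NULL) return -1;
    if (len - 8 < count) {               /* truncated tile data */
        free(tiles);                     /* release on every error path */
        return -1;
    }
    for (size_t i = 0; i < count; i++) tiles[i].height = buf[8 + i];
    out->width = w; out->height = h; out->tiles = tiles;
    return 0;
}

/* Checked accessor: returns NULL instead of clamping to a possibly negative index. */
const Tile *map_tile(const Map *m, int x, int y)
{
    if (m == NULL || m->tiles == NULL || x < 0 || y < 0) return NULL;
    if ((uint32_t)x >= m->width || (uint32_t)y >= m->height) return NULL;
    return &m->tiles[(size_t)y * m->width + (size_t)x];
}

void map_free(Map *m) { free(m->tiles); memset(m, 0, sizeof *m); }
```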