Cronocide/Descent3
1
0
Fork 0
mirror of https://github.com/kevinbentley/Descent3.git synced 2025-01-22 11:28:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolve out-of-bounds access in _splitpath

Browse Source 
Crash at the start of every level.

==43628==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000c5a6f at pc 0x7efd39f3868a bp 0x7ffe5a39ec80 sp 0x7ffe5a39ec78
READ of size 1 at 0x5020000c5a6f thread T0
    f0 _splitpath(char const*, char*, char*, char*, char*) $GIT/scripts/linux_lib.cpp:37
    f1 InitializeDLL $GIT/scripts/level1.cpp:705
    f2 Osiris_LoadLevelModule(char*) $GIT/Descent3/OsirisLoadandBind.cpp:1095
    f3 InitLevelScript() $GIT/Descent3/Mission.cpp:1699
    f4 StartLevel() $GIT/Descent3/gamesequence.cpp:1622
    f5 LoadAndStartCurrentLevel() $GIT/Descent3/gamesequence.cpp:1675
    f6 GameSequencer() $GIT/Descent3/gamesequence.cpp:1197
    f7 PlayGame() $GIT/Descent3/game.cpp:834
    f8 MainLoop() $GIT/Descent3/descent.cpp:555
    f9 Descent3() $GIT/Descent3/descent.cpp:508
    f10 oeD3LnxApp::run() $GIT/Descent3/sdlmain.cpp:151

0x5020000c5a6f is located 1 bytes before 7-byte region [0x5020000c5a70,0x5020000c5a77)
allocated by thread T0 here:
    f0 strdup (/lib64/libasan.so.8+0xf68e0) (BuildId: 5615a04b8d0a5a8eafa661f7235e2d98fa2b9137)
    f1 Osiris_LoadLevelModule(char*) $GIT/Descent3/OsirisLoadandBind.cpp:1046
    f2 InitLevelScript() $GIT/Descent3/Mission.cpp:1699
    f3 StartLevel() $GIT/Descent3/gamesequence.cpp:1622
    f4 LoadAndStartCurrentLevel() $GIT/Descent3/gamesequence.cpp:1675
    f5 GameSequencer() $GIT/Descent3/gamesequence.cpp:1197
    f6 PlayGame() $GIT/Descent3/game.cpp:834
    f7 MainLoop() $GIT/Descent3/descent.cpp:555
    f8 Descent3() $GIT/Descent3/descent.cpp:508
    f9 oeD3LnxApp::run() $GIT/Descent3/sdlmain.cpp:151
This commit is contained in:
Jan Engelhardt 2024-08-31 00:24:57 +02:00
parent 541ca70b00
commit 97eeab914b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/linux_lib.cpp
View File

@ -34,7 +34,7 @@ void _splitpath(const char *srcPath, char *drive, char *path, char *filename, ch
// Check for an extension
///////////////////////////////////////
int t = totalLen - 1;
while ((srcPath[t] != '.') && (srcPath[t] != '/') && (t >= 0))
while (t >= 0 && (srcPath[t] != '.') && (srcPath[t] != '/') && (t >= 0))
t--;
// see if we are at an extension
if ((t >= 0) && (srcPath[t] == '.')) {
@ -54,7 +54,7 @@ void _splitpath(const char *srcPath, char *drive, char *path, char *filename, ch
// Check for file name
////////////////////////////////////
int temp = (extStart != -1) ? (extStart) : (totalLen - 1);
while ((srcPath[temp] != '/') && (temp >= 0))
while (temp >= 0 && (srcPath[temp] != '/') && (temp >= 0))
temp--;
if (temp < 0)
temp = 0;