
Buffer overflow

Open przem360 opened this issue 2 years ago • 2 comments

Hi, first of all - it is impressive, you've made an amazing game.

I have the following issue:

I've compiled the game myself for Linux and it runs well, everything seems to work, but as soon as I press the h button the game crashes stating just:

*** buffer overflow detected ***: terminated

przem360 avatar Jun 26 '23 18:06 przem360

Hmm, I wrote this a long time ago, and some buffer overflow edge case isn't surprising. However, after a bunch of tries with fresh maps, I'm unable to reproduce. I wonder if you've generated a bad save, and because it keeps loading this save it keeps crashing. Try moving your persist.gcom out of the way, which is the save file, and see if it keeps crashing with a fresh start. If that fixes it, I'm interested in seeing that save file since it will probably let me reproduce the issue.

If you'd like to take a crack at it yourself, disable optimization and enable sanitizers (which I didn't know about at the time):

make -B CFLAGS='-g3 -fsanitize=address,undefined'

When it crashes you'll get a debug printout from Address Sanitizer. Or going even further:

$ export ASAN_OPTIONS=abort_on_error=1:halt_on_error=1
$ export UBSAN_OPTIONS=abort_on_error=1:halt_on_error=1
$ gdb ./gcom
(gdb) run

These will cause it to break in GDB the moment it overflows (use CTRL+L to redraw), which would provide a wealth of information about the defect.

skeeto avatar Jun 26 '23 19:06 skeeto

Hi @skeeto thanks for your help!

It is not caused by a bad save, I removed save file.

Turns out that on my system the buffer overflow after pressing h occurs only if the flag -O3 is passed, i.e. changing:
CFLAGS = -std=c99 -Wall -Wextra -g3 -O3 to CFLAGS = -std=c99 -Wall -Wextra -g3 allows making a good (no buffer overflow error) build, so I guess it does the job for me :)

Also, when I build with make -B CFLAGS='-g3 -fsanitize=address,undefined' the binary works perfectly.

Just out of curiosity I've built with make -B CFLAGS='-g3 -fsanitize=address,undefined -O3', and the error occurs.

After running in GDB the game starts, the first thing I do is press h, and the game crashes with the buffer overflow.
Backtrace:

Program received signal SIGABRT, Aborted.
     __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737331238912) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: Nie ma takiego pliku ani katalogu.
(gdb) backtrace
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737331238912)
    at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737331238912)
    at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737331238912, signo=signo@entry=6)
    at ./nptl/pthread_kill.c:89
#3  0x00007ffff6cba476 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/posix/raise.c:26
#4  0x00007ffff6ca07f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff6d016f6 in __libc_message (action=action@entry=do_abort, 
    fmt=fmt@entry=0x7ffff6e53943 "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007ffff6dae76a in __GI___fortify_fail (
    msg=msg@entry=0x7ffff6e538e9 "buffer overflow detected")
    at ./debug/fortify_fail.c:26
#7  0x00007ffff6dad0c6 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8  0x000055555558ca9e in strcpy (__src=0x5555555b2200 "(Rk{enter} to hire)", 
    __dest=0x624000002535 "")
    at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:79
#9  ui_heroes (terrain=<optimized out>, game=<optimized out>) at src/main.c:502
#10 main () at src/main.c:755
(gdb) 


przem360 avatar Jun 27 '23 12:06 przem360
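The backtrace shows the abort coming from glibc's `__strcpy_chk`, which is the `_FORTIFY_SOURCE` replacement for `strcpy` that only exists when the compiler optimizes; that is why the same overflow is silent without `-O3` and fatal with it. The block below is an added, constructed illustration of that mechanism, not code from the goblin-com project: `LABEL_CAP`, the function names and the one-byte-short buffer are assumptions, since the issue does not show the real buffer size in `ui_heroes`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a label buffer deliberately too small for the
 * string seen in the crash report (19 chars + NUL = 20 bytes). The real
 * destination size in ui_heroes() is not given in the issue. */
#define LABEL_CAP 16
static const char HIRE_HINT[] = "(Rk{enter} to hire)";

/* The pattern behind the report. When optimizing with _FORTIFY_SOURCE
 * enabled (Ubuntu's gcc turns it on by default at -O1 and above), glibc
 * swaps strcpy for __strcpy_chk, which knows sizeof(label) and aborts
 * with "*** buffer overflow detected ***" when src does not fit. At -O0
 * the check is compiled out and the copy silently overruns the stack.
 * Deliberately never called here: it is undefined behaviour. */
void show_hint_unchecked(const char *src)
{
    char label[LABEL_CAP];
    strcpy(label, src);
    puts(label);
}

/* Bounded copy: always NUL-terminates, never writes past cap, and reports
 * truncation so the caller learns the buffer was undersized instead of
 * finding out from a crash or a corrupted frame.
 * Returns 0 on a full copy, 1 if truncated, -1 on bad arguments. */
int copy_hint_checked(char *label, size_t cap, const char *src)
{
    if (label == NULL || src == NULL || cap == 0)
        return -1;
    int needed = snprintf(label, cap, "%s", src);
    if (needed < 0)
        return -1;
    return (size_t)needed >= cap ? 1 : 0;
}

int main(void)
{
    char small[LABEL_CAP];          /* too small, copy gets truncated */
    char right[sizeof HIRE_HINT];   /* sized from the source, fits */
    int rc1 = copy_hint_checked(small, sizeof small, HIRE_HINT);
    int rc2 = copy_hint_checked(right, sizeof right, HIRE_HINT);
    printf("small: rc=%d \"%s\"\n", rc1, small);
    printf("right: rc=%d \"%s\"\n", rc2, right);
    return 0;
}
```

Compiling this file with `-O2 -D_FORTIFY_SOURCE=2` and calling `show_hint_unchecked(HIRE_HINT)` reproduces the exact `__chk_fail` frame from the backtrace, while the same call at `-O0` runs without any diagnostic.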