ID: 0001358
Project: AI
Category: AI
View Status: public
Last Update: 2009-03-14 23:56
Reporter: teferi
Assigned To: hoijui
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed

Summary: 0001358: Buffer overflow in RAI causes crash on game start

Description: A buffer overflow in a call to sprintf causes Spring 0.78.2 (as packaged in the Spring PPA) to crash on Ubuntu 8.10 amd64. A backtrace follows:

#0  0x00007f32119b6015 in raise () from /lib/libc.so.6
#1  0x00007f32119b7b15 in abort () from /lib/libc.so.6
#2  0x00007f32119f70c8 in __libc_message () from /lib/libc.so.6
#3  0x00007f3211a82887 in __fortify_fail () from /lib/libc.so.6
#4  0x00007f3211a80750 in __chk_fail () from /lib/libc.so.6
#5  0x00007f3211a7faf9 in _IO_str_chk_overflow () from /lib/libc.so.6
#6  0x00007f32119fb236 in _IO_default_xsputn_internal () from /lib/libc.so.6
#7  0x00007f32119cc2cc in vfprintf () from /lib/libc.so.6
#8  0x00007f3211a7fb99 in __vsprintf_chk () from /lib/libc.so.6
#9  0x00007f3211a7fae0 in __sprintf_chk () from /lib/libc.so.6
#10 0x00007f32064a8d88 in cRAI::ClearLogFiles (this=<value optimized out>)
    at /usr/include/bits/stdio2.h:35
#11 0x00007f32064ac100 in cRAI::InitAI (this=0x7f31fb300860,
    callback=<value optimized out>, team=<value optimized out>)
    at /home/adam/work/spring-0.78.2.1/AI/Global/RAI/RAI.cpp:130
#12 0x00000000008bf5f8 in CGlobalAI::LoadCPPAI (this=0x7f31f86e9260, team=1,
    botLibName=0x2212fe8 "/usr/lib/spring/AI/Bot-libs/libRAI.so",
    postLoad=false, loadSupported=false, isJavaAI=<value optimized out>)
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAI.cpp:243
#13 0x00000000008bffdd in CGlobalAI::LoadAILib (this=0x7f31f86e9260, team=1,
    botLibName=0x2212fe8 "/usr/lib/spring/AI/Bot-libs/libRAI.so", postLoad=255)
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAI.cpp:143
#14 0x00000000008c052c in CGlobalAI (this=0x7f31f86e9260, team=1,
    botLibName=0x2212fe8 "/usr/lib/spring/AI/Bot-libs/libRAI.so")
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAI.cpp:57
#15 0x00000000008cc919 in CGlobalAIHandler::CreateGlobalAI (this=0x7f3200674ed0,
    teamID=1, dll=0x2212fe8 "/usr/lib/spring/AI/Bot-libs/libRAI.so")
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAIHandler.cpp:241
#16 0x00000000004c6bee in CCommanderScript::GameStart (
    this=<value optimized out>)
    at /home/adam/work/spring-0.78.2.1/rts/Game/StartScripts/CommanderScript.cpp:61
#17 0x000000000046bb27 in CGame::StartPlaying (this=0x221aec0)
    at /home/adam/work/spring-0.78.2.1/rts/Game/Game.cpp:3069
#18 0x000000000048361e in CGame::ClientReadNet (this=0x221aec0)
    at /home/adam/work/spring-0.78.2.1/rts/Game/Game.cpp:3322
#19 0x0000000000484c68 in CGame::Update (this=0x221aec0)
    at /home/adam/work/spring-0.78.2.1/rts/Game/Game.cpp:2505
#20 0x000000000085d586 in SpringApp::Update (this=0x7fff1d3c0590)
    at /home/adam/work/spring-0.78.2.1/rts/System/SpringApp.cpp:914
#21 0x00000000008626a1 in SpringApp::Run (this=0x7fff1d3c0590, argc=3,
    argv=0x7fff1d3c06b8)
    at /home/adam/work/spring-0.78.2.1/rts/System/SpringApp.cpp:1158
#22 0x00000000008633ba in Run (argc=3, argv=0x7fff1d3c06b8)
    at /home/adam/work/spring-0.78.2.1/rts/System/Main.cpp:60
#23 0x00007f32119a1466 in __libc_start_main () from /lib/libc.so.6
#24 0x00000000004335d9 in _start ()

I've also forked the Spring Ubuntu packaging to add a spring-engine-dbg package containing debugging symbols for the Spring binaries, to make it easier for Ubuntu users to provide meaningful bug reports. It's on my PPA at http://launchpad.net/~adam-crossproduct/+archive.

Tags: No tags attached.
Attached Files:
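The frames `__sprintf_chk -> __chk_fail -> __fortify_fail -> abort` in the backtrace are glibc's `_FORTIFY_SOURCE` check: the `sprintf` call in `cRAI::ClearLogFiles` was compiled into the bounds-checking `__sprintf_chk`, which aborts the process when the formatted output exceeds the destination buffer's compile-time known size. Without the fortified build the same overflow would have silently corrupted the stack. The example below is added here and is not RAI's code; the log-path format string, the `buildLogPath` and `buildLogPathStr` names and the 64-byte buffer are assumptions. It shows the unbounded pattern beside a bounded `snprintf` version that detects truncation, and a `std::string` version that has no fixed buffer to overflow.

```cpp
// Added example (not from RAI or the Spring engine): bounded formatting of a
// per-team log-file path, the kind of string the crashing sprintf call builds.
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical sketch of the vulnerable pattern: a fixed-size stack buffer
// written by sprintf with an unbounded base-directory string. With
// _FORTIFY_SOURCE the overflow aborts (__sprintf_chk -> __chk_fail, as in the
// report); without it the stack is silently corrupted. Kept as a comment so
// this example cannot crash:
//
//   char path[64];
//   sprintf(path, "%s/RAI/log/team%d.log", baseDir, team);   // unbounded

// Hardened form: snprintf never writes past outSize bytes and returns the
// number of characters the full output would have needed, so truncation is
// detected instead of overflowing. Returns true if the whole path fit.
bool buildLogPath(const char* baseDir, int team, char* out, size_t outSize) {
    if (out == nullptr || outSize == 0) return false;
    int needed = std::snprintf(out, outSize, "%s/RAI/log/team%d.log", baseDir, team);
    if (needed < 0) {            // encoding error: leave a valid empty string
        out[0] = '\0';
        return false;
    }
    return static_cast<size_t>(needed) < outSize;   // false => truncated
}

// Alternative: std::string grows as needed, so there is no length to get wrong.
std::string buildLogPathStr(const std::string& baseDir, int team) {
    return baseDir + "/RAI/log/team" + std::to_string(team) + ".log";
}

// Demo with constructed inputs (run stand-alone).
int main() {
    char buf[64];
    bool ok = buildLogPath("/home/user/.spring", 1, buf, sizeof buf);
    std::printf("%s: %s\n", ok ? "ok" : "truncated", buf);

    // A base directory long enough that the sprintf version would overflow.
    std::string longDir(200, 'x');
    ok = buildLogPath(longDir.c_str(), 1, buf, sizeof buf);
    std::printf("%s: %zu bytes written\n", ok ? "ok" : "truncated", std::strlen(buf));

    std::printf("%s\n", buildLogPathStr("/tmp", 3).c_str());
    return 0;
}
```

The check on the return value is the part that matters: `snprintf` alone stops the overflow, but a silently truncated path would still send log output to the wrong file, so callers should treat `false` as an error rather than using the buffer.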


Notes

~0003330
hoijui (reporter)
this bug is already fixed in master

Issue History

Date Modified     Username  Field        Change
2009-03-14 22:20  teferi    New Issue
2009-03-14 23:56  hoijui    Note Added   0003330
2009-03-14 23:56  hoijui    Status       new => resolved
2009-03-14 23:56  hoijui    Resolution   open => fixed
2009-03-14 23:56  hoijui    Assigned To  => hoijui