2025-08-04 01:23 CEST

View Issue Details

ID: 0001359
Project: AI
Category: AI
View Status: public
Last Update: 2009-03-14 23:55
Reporter: teferi
Assigned To: hoijui
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Summary: 0001359: Buffer overflow in AAI causes crash on game start

Description:
A buffer overflow in a call to sprintf in AAI causes Spring 0.78.2 (as packaged in the Spring PPA) to crash on Ubuntu 8.10 amd64. A backtrace follows:

#0  0x00007f3ba1d8e015 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007f3ba1d8e015 in raise () from /lib/libc.so.6
#1  0x00007f3ba1d8fb15 in abort () from /lib/libc.so.6
#2  0x00007f3ba1dcf0c8 in __libc_message () from /lib/libc.so.6
#3  0x00007f3ba1e5a887 in __fortify_fail () from /lib/libc.so.6
#4  0x00007f3ba1e58750 in __chk_fail () from /lib/libc.so.6
#5  0x00007f3ba1e57d8b in __vsnprintf_chk () from /lib/libc.so.6
#6  0x00007f3ba1e57c5b in __snprintf_chk () from /lib/libc.so.6
#7  0x00007f3b95c86fdb in AAI::InitAI (this=0x7f3b8aa01890,
    callback=<value optimized out>, team=<value optimized out>)
    at /usr/include/bits/stdio2.h:66
#8  0x00000000008bf5f8 in CGlobalAI::LoadCPPAI (this=0x7f3b8a8450e0, team=1,
    botLibName=0x15030b8 "/usr/lib/spring/AI/Bot-libs/libAAI.so",
    postLoad=false, loadSupported=false, isJavaAI=<value optimized out>)
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAI.cpp:243
#9  0x00000000008bffdd in CGlobalAI::LoadAILib (this=0x7f3b8a8450e0, team=1,
    botLibName=0x15030b8 "/usr/lib/spring/AI/Bot-libs/libAAI.so", postLoad=255)
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAI.cpp:143
#10 0x00000000008c052c in CGlobalAI (this=0x7f3b8a8450e0, team=1,
    botLibName=0x15030b8 "/usr/lib/spring/AI/Bot-libs/libAAI.so")
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAI.cpp:57
#11 0x00000000008cc919 in CGlobalAIHandler::CreateGlobalAI (this=0x7f3b90611b20,
    teamID=1, dll=0x15030b8 "/usr/lib/spring/AI/Bot-libs/libAAI.so")
    at /home/adam/work/spring-0.78.2.1/rts/ExternalAI/GlobalAIHandler.cpp:241
#12 0x00000000004c6bee in CCommanderScript::GameStart (
    this=<value optimized out>)
    at /home/adam/work/spring-0.78.2.1/rts/Game/StartScripts/CommanderScript.cpp:61
#13 0x000000000046bb27 in CGame::StartPlaying (this=0x18845e0)
    at /home/adam/work/spring-0.78.2.1/rts/Game/Game.cpp:3069
#14 0x000000000048361e in CGame::ClientReadNet (this=0x18845e0)
    at /home/adam/work/spring-0.78.2.1/rts/Game/Game.cpp:3322
#15 0x0000000000484c68 in CGame::Update (this=0x18845e0)
    at /home/adam/work/spring-0.78.2.1/rts/Game/Game.cpp:2505
#16 0x000000000085d586 in SpringApp::Update (this=0x7fffad798960)
    at /home/adam/work/spring-0.78.2.1/rts/System/SpringApp.cpp:914
#17 0x00000000008626a1 in SpringApp::Run (this=0x7fffad798960, argc=3,
    argv=0x7fffad798a88)
    at /home/adam/work/spring-0.78.2.1/rts/System/SpringApp.cpp:1158
#18 0x00000000008633ba in Run (argc=3, argv=0x7fffad798a88)
    at /home/adam/work/spring-0.78.2.1/rts/System/Main.cpp:60
#19 0x00007f3ba1d79466 in __libc_start_main () from /lib/libc.so.6
#20 0x00000000004335d9 in _start ()

I've also forked the Spring Ubuntu packaging to add a spring-engine-dbg package containing debugging symbols for the Spring binaries, to make it easier for Ubuntu users to provide meaningful bug reports. It's on my PPA at http://launchpad.net/~adam-crossproduct/+archive
Tags: No tags attached.
Attached Files:
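The backtrace above ends in glibc's __snprintf_chk -> __chk_fail -> __fortify_fail -> abort chain: that is the _FORTIFY_SOURCE runtime check firing when a formatted string would exceed the destination buffer whose size the compiler knew. Without that hardening the same overflow would silently overwrite adjacent stack memory instead of aborting. The following is an added example, not code from Spring or AAI, showing the bounded pattern that avoids this bug class: snprintf with the real buffer size plus a check of its return value, and a measure-then-allocate variant for when the length is not known in advance. The function names, the 32-byte buffer and the "<prefix>-<id>" format are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Spring/AAI code. The buffer size and the "<prefix>-<id>"
 * format are assumptions chosen to illustrate the pattern. */

/* Bounded formatting into a caller-supplied buffer.
 * Returns 1 if the full string fit, 0 on truncation or error.
 * On truncation dst still holds a NUL-terminated prefix of the output,
 * so the caller can reject it instead of silently using a clipped value. */
int format_unit_name(char *dst, size_t dst_size, const char *prefix, int id)
{
    if (dst == NULL || dst_size == 0 || prefix == NULL)
        return 0;
    /* snprintf never writes more than dst_size bytes; it returns the length
     * the full string would have had, which is how truncation is detected. */
    int n = snprintf(dst, dst_size, "%s-%d", prefix, id);
    if (n < 0) {
        dst[0] = '\0';
        return 0;
    }
    return (size_t)n < dst_size;
}

/* Alternative when the output length is not bounded up front: measure with a
 * NULL destination, then allocate exactly. The caller frees the result. */
char *format_unit_name_alloc(const char *prefix, int id)
{
    if (prefix == NULL)
        return NULL;
    int n = snprintf(NULL, 0, "%s-%d", prefix, id);
    if (n < 0)
        return NULL;
    char *out = malloc((size_t)n + 1);
    if (out == NULL)
        return NULL;
    snprintf(out, (size_t)n + 1, "%s-%d", prefix, id);
    return out;
}

int main(void)
{
    char buf[32];  /* small fixed-size buffer, the kind sprintf would overrun */
    /* constructed inputs: one that fits and one that does not */
    const char *inputs[] = { "commander", "a-very-long-prefix-that-will-not-fit" };
    for (size_t i = 0; i < 2; i++) {
        int ok = format_unit_name(buf, sizeof buf, inputs[i], 7);
        printf("%-40s -> %s (%s)\n", inputs[i], buf, ok ? "fit" : "truncated");
    }
    char *heap = format_unit_name_alloc(inputs[1], 7);
    if (heap != NULL) {
        printf("exact allocation: %s\n", heap);
        free(heap);
    }
    return 0;
}
```

Built with -O2 -D_FORTIFY_SOURCE=2, an sprintf into buf with the long prefix would abort through the same __chk_fail path seen in the report; the snprintf form above instead reports truncation through its return value, and the caller decides what to do with it.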

Notes

~0003329
hoijui (reporter)

Thank you very much for the debug symbols :-)

This bug is already fixed in master.

Issue History

Date Modified     Username  Field         Change
2009-03-14 22:33  teferi    New Issue
2009-03-14 23:55  hoijui    Note Added    0003329
2009-03-14 23:55  hoijui    Status        new => resolved
2009-03-14 23:55  hoijui    Resolution    open => fixed
2009-03-14 23:55  hoijui    Assigned To   => hoijui