MantisBT - Zandronum
View Issue Details
ID: 0001910
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2014-08-10 10:48
Last Update: 2018-09-30 22:15
Reporter: Dusk
Assigned To: Edward-san
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Target Version: 3.0
Fixed in Version: 3.0
Summary: 0001910: buffer overflow in SectorSound

                    // [BC] If we're the server, tell clients to play this sound.
                    if ( NETWORK_GetState( ) == NETSTATE_SERVER )
                        SERVERCOMMANDS_SoundPoint( activationline->frontsector->soundorg[0], activationline->frontsector->soundorg[1], activationline->frontsector->soundorg[2], CHAN_AUTO, (char *)lookup, (float)(STACK(1)) / 127.f, ATTN_NORM );


Quote

/home/crimson/dev/zandronum-stable/src/p_acs.cpp:5920:157: warning: array subscript is above array bounds [-Warray-bounds]
       SERVERCOMMANDS_SoundPoint( activationline->frontsector->soundorg[0], activationline->frontsector->soundorg[1], activationline->frontsector->soundorg[2], CHAN_AUTO, (char *)lookup, (float)(STACK(1)) / 127.f, ATTN_NORM );


soundorg only has 2 elements.
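The two-element array and the constant index 2 are the whole bug, so here is an added C++ illustration (not code from Zandronum or from this ticket) of two ways to make that read impossible: accessing a std::array through std::get<I> fails to compile for I >= 2, and std::array::at() throws std::out_of_range at run time instead of reading past the end. The SectorOrigin struct, the SoundPoint type, the FRACUNIT constant and the caller-supplied z coordinate are assumptions made for this example; the page does not say what value the actual fix substitutes for soundorg[2].

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// Fixed-point unit used by Doom-engine code; constructed constant for the example.
using fixed_t = std::int32_t;
constexpr fixed_t FRACUNIT = 1 << 16;

// Constructed stand-in for the engine's sector type (not Zandronum's real
// sector_t): the only detail kept is that soundorg has exactly two elements.
struct SectorOrigin {
    std::array<fixed_t, 2> soundorg;   // x and y only; there is no z here
    fixed_t floorheight;               // hypothetical extra field
};

// Hypothetical 3-D point of the kind a SoundPoint-style call needs; the page
// does not show the real parameter types.
struct SoundPoint { fixed_t x, y, z; };

// 1. Compile-time safety: std::get<I> on a std::array is a hard error for
//    I >= 2, so a third coordinate can never be pulled out of soundorg.
//    The z component must come from somewhere else; here it is supplied by
//    the caller (an assumption, not the page's fix).
SoundPoint sound_point_from_sector(const SectorOrigin& sec, fixed_t z)
{
    return SoundPoint{ std::get<0>(sec.soundorg), std::get<1>(sec.soundorg), z };
}

// 2. Run-time safety: std::array::at() bounds-checks and throws
//    std::out_of_range instead of silently reading past the end.
fixed_t soundorg_at(const SectorOrigin& sec, std::size_t index)
{
    return sec.soundorg.at(index);
}

// Returns true when reading soundorg[index] is rejected at run time, i.e.
// the access that -Warray-bounds flagged on the page is caught instead of
// overflowing into whatever follows the array in memory.
bool oob_read_is_rejected(const SectorOrigin& sec, std::size_t index)
{
    try {
        (void)soundorg_at(sec, index);
        return false;       // in bounds: read succeeded
    } catch (const std::out_of_range&) {
        return true;        // out of bounds: rejected
    }
}

// Constructed sample sector for stand-alone use.
SectorOrigin sample_sector()
{
    SectorOrigin s;
    s.soundorg = { 64 * FRACUNIT, -128 * FRACUNIT };
    s.floorheight = 8 * FRACUNIT;
    return s;
}
```

GCC's -Warray-bounds, which produced the warning quoted above, depends on optimization passes being enabled (it stays silent at -O0), whereas std::get<2> on a two-element std::array is a compile error regardless of flags, and at() covers indices that are only known at run time.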
No tags attached.
Issue History
2014-08-10 10:48 | Dusk | New Issue
2014-08-10 19:05 | Edward-san | Note Added: 0010170
2015-07-18 12:16 | Edward-san | Note Added: 0012966
2015-07-18 12:16 | Edward-san | Assigned To | => Edward-san
2015-07-18 12:16 | Edward-san | Status | new => needs review
2015-07-18 12:17 | Edward-san | Target Version | => 3.0
2015-08-19 19:40 | Torr Samaho | Note Added: 0013242
2015-08-19 19:40 | Torr Samaho | Status | needs review => needs testing
2015-08-19 19:44 | cobalt | Note Added: 0013243
2015-09-12 22:20 | Ru5tK1ng | Note Added: 0013501
2015-12-06 23:53 | Ru5tK1ng | Status | needs testing => resolved
2015-12-06 23:53 | Ru5tK1ng | Resolution | open => fixed
2015-12-06 23:53 | Ru5tK1ng | Fixed in Version | => 3.0
2018-09-30 22:15 | Blzut3 | Status | resolved => closed

Notes
(0010170)
Edward-san   
2014-08-10 19:05   
Just for completeness, this zdoom commit contains a fix related to this ticket (the other hunks are also useful for fixing potential crashes... and also other commits in that range are potential crash fixes).
(0012966)
Edward-san   
2015-07-18 12:16   
https://bitbucket.org/crimsondusk/zandronum-sandbox/commits/e992afea1e071aff1242b0848bd2e626b412a576
(0013242)
Torr Samaho   
2015-08-19 19:40   
I added your patch.
(0013243)
cobalt   
2015-08-19 19:44   
Issue addressed by commit 1c6891e1a4c4:
- Fixed: sector_t::soundorg was accessed out of bounds (fixes 1910).
- zandronum ported the zdoom fixes to a similar problem, so fix it on the zandronum side, too.
Committed by Edoardo Prezioso [edward-san] on Thursday 16 July 2015 14:20:26

Changes in files:

 src/cl_main.cpp | 34 ++++++++++++++++++++++++++++++++++
 src/network_enums.h | 1 +
 src/p_acs.cpp | 2 +-
 src/sv_commands.cpp | 20 ++++++++++++++++++++
 src/sv_commands.h | 1 +
 5 files changed, 57 insertions(+), 1 deletions(-)

(0013501)
Ru5tK1ng   
2015-09-12 22:20   
In 3.0, I was unable to really break anything or get any type of error message to appear on the console online or offline. I repeatedly triggered a couple of sectorsound scripts and they didn't bug out. Not sure if any other methods need to be used to test this.