Chat on our Discord Server
Get the latest version: 3.2Source Code
| Anonymous | Login | Signup for a new account | 2025-07-28 00:01 UTC |  |
| My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0001212 | Zandronum | [All Projects] Bug | public | 2012-12-13 21:11 | 2018-09-30 20:46 | ||||
| Reporter | Dusk | ||||||||
| Assigned To | Torr Samaho | ||||||||
| Priority | normal | Severity | crash | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 1.0 | ||||||||
| Target Version | 1.1 | Fixed in Version | 1.1 | ||||||
| Summary | 0001212: Hold tight to your seats: Blood map reading messes up numsectors | ||||||||
| Description | This is quite a strange chain of events. Basically it seems that ZDoom can read Blood maps up to an extent, and what's up still remains functional. If someone tries to change to a map the engine deems worthy of checking whether's a Blood map, it does a series on checks on it (P_IsBuildMap) before loading it as such. However, this series of checks involves changing numsectors with it assuming it's a Blood map... the line of code in question is p_buildmap.cpp:162. The line is also duplicated later on. Here's the part which makes this a bit more scary: it seems that some lumps, ZDoom Wars' text file in particular, gets P_IsBuildMap'd. numsectors gets messed up and a crash is triggered by unlagged, which relies on numsectors in its sector building mode. This made the ZDoom Wars server on Grandvoid vulnerable. Two users found this and went as far to exploit it against another player, earning bans in the process... | ||||||||
| Steps To Reproduce | - Load up a server with attached zdwarstest.pk3. No clients needed. - changemap zdoomwar | ||||||||
| Additional Information | Commenting out p_buildmap.cpp:162 fixes the crash. Latest ZDoom does not seem to exhibit the crash. | ||||||||
| Attached Files |  zdwarstest.pk3 [^] (13,377 bytes) 2012-12-13 21:11 | ||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
 (0005590)Torr Samaho (administrator) 2012-12-27 12:34 |
Are you sure that zdwarstest.pk3 contains the map? I just downloaded it and it only seems to contain ZDoomWarsIv2.6.txt (a ZDoom Wars readme). |
 (0005591)Dusk (developer) 2012-12-27 13:08 |
The map doesn't exist, the readme file gets truncated down to "ZDOOMWAR" when the file is parsed (like how textcolors.txt goes down to "TEXTCOLO"). However, when "changemap zdoomwar" is attempted, it tries to read the text file as a Build map, and that's when things go wonky. |
|
(0005662) Torr Samaho (administrator) 2013-01-02 17:02 edited on: 2013-01-02 17:02 |
Ah, I see.'https://bitbucket.org/Torr_Samaho/zandronum/commits/f4a49c128b33ca263d043543efb9ef21c1001a2d [^]' should take care of the issue. That's a bug of ZDoom's P_IsBuildMap implementation and should also be fixed in ZDoom. |
|
(0005949) Dusk (developer) 2013-02-06 20:35 |
Since the given example wad is also the only thing that can possibly trigger this problem, all that can be tested on this bug is that the example wad works properly - which it does. So I'm marking this as fixed. |
|
Notes |
|
This issue is already marked as resolved. If you feel that is not the case, please reopen it and explain why. |
|
| Supporters: | No one explicitly supports this issue yet. |
| Opponents: | No one explicitly opposes this issue yet. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-12-13 21:11 | Dusk | New Issue | |
| 2012-12-13 21:11 | Dusk | File Added: zdwarstest.pk3 | |
| 2012-12-13 21:13 | Dusk | Additional Information Updated | View Revisions |
| 2012-12-13 21:15 | Dusk | Description Updated | View Revisions |
| 2012-12-27 12:34 | Torr Samaho | Note Added: 0005590 | |
| 2012-12-27 12:34 | Torr Samaho | Status | new => feedback |
| 2012-12-27 13:08 | Dusk | Note Added: 0005591 | |
| 2012-12-27 13:08 | Dusk | Status | feedback => new |
| 2013-01-02 17:02 | Torr Samaho | Note Added: 0005662 | |
| 2013-01-02 17:02 | Torr Samaho | Assigned To | => Torr Samaho |
| 2013-01-02 17:02 | Torr Samaho | Status | new => needs testing |
| 2013-01-02 17:02 | Torr Samaho | Note Edited: 0005662 | View Revisions |
| 2013-01-02 17:02 | Torr Samaho | Note Revision Dropped: 5662: 0003103 | |
| 2013-01-02 17:03 | Torr Samaho | Product Version | => 1.0 |
| 2013-01-02 17:03 | Torr Samaho | Target Version | => 1.1 |
| 2013-02-06 20:35 | Dusk | Note Added: 0005949 | |
| 2013-02-06 20:35 | Dusk | Status | needs testing => resolved |
| 2013-02-06 20:35 | Dusk | Fixed in Version | => 1.1 |
| 2013-02-06 20:35 | Dusk | Resolution | open => fixed |
| 2013-02-06 20:36 | Dusk | Status | resolved => feedback |
| 2013-02-06 20:36 | Dusk | Resolution | fixed => reopened |
| 2013-02-06 20:36 | Dusk | Status | feedback => resolved |
| 2013-02-06 20:36 | Dusk | Resolution | reopened => fixed |
| 2013-02-06 20:36 | Dusk | View Status | private => public |
| 2018-09-30 20:46 | Blzut3 | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2025 MantisBT Team |
 |
ZDoom
Doom Wiki
id Software
Doomworld
Odamex
Doomseeker
Internet Doom Explorer
The Sentinel's Playground Servers