ID: 0001910
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2014-08-10 10:48
Last Update: 2018-09-30 22:15
Reporter: Dusk
Assigned To: Edward-san
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Target Version: 3.0
Fixed in Version: 3.0
Summary: 0001910: buffer overflow in SectorSound
Description

                    // [BC] If we're the server, tell clients to play this sound.
                    if ( NETWORK_GetState( ) == NETSTATE_SERVER )
                        SERVERCOMMANDS_SoundPoint( activationline->frontsector->soundorg[0], activationline->frontsector->soundorg[1], activationline->frontsector->soundorg[2], CHAN_AUTO, (char *)lookup, (float)(STACK(1)) / 127.f, ATTN_NORM );



/home/crimson/dev/zandronum-stable/src/p_acs.cpp:5920:157: warning: array subscript is above array bounds [-Warray-bounds]
       SERVERCOMMANDS_SoundPoint( activationline->frontsector->soundorg[0], activationline->frontsector->soundorg[1], activationline->frontsector->soundorg[2], CHAN_AUTO, (char *)lookup, (float)(STACK(1)) / 127.f, ATTN_NORM );


soundorg only has 2 elements.
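
An added example, not code from Zandronum or from the fix commit, showing how a constant index into a 2-element array can be made a build error rather than a warning, with a run-time check for variable indices. `Sector`, `SoundPoint`, `at_c`, `try_get` and `sector_sound_point` are hypothetical names, and passing z as a separate argument is an assumption.

```cpp
#include <cstddef>
#include <cstdint>

typedef int32_t fixed_t;   // assumption: fixed-point integer type

// Constructed stand-in for the sector type; only the array size matters.
struct Sector {
    fixed_t soundorg[2];   // x and y only, as the report states
    fixed_t neighbour;     // hypothetical field that [2] could alias
};

struct SoundPoint { fixed_t x, y, z; };

// Constant index checked at compile time: at_c<2>(s.soundorg) is a
// build error instead of a -Warray-bounds warning.
template <std::size_t I, typename T, std::size_t N>
const T& at_c(const T (&arr)[N]) {
    static_assert(I < N, "constant index is outside the array");
    return arr[I];
}

// Variable index checked at run time: refuses instead of reading past the end.
template <typename T, std::size_t N>
bool try_get(const T (&arr)[N], std::size_t i, T& out) {
    if (i >= N) return false;
    out = arr[i];
    return true;
}

// The caller supplies z explicitly; nothing reads soundorg[2].
SoundPoint sector_sound_point(const Sector& s, fixed_t z) {
    return SoundPoint{ at_c<0>(s.soundorg), at_c<1>(s.soundorg), z };
}

int main() {
    Sector s = { {10, 20}, 99 };          // constructed sample values
    SoundPoint p = sector_sound_point(s, 5);
    fixed_t v = 0;
    bool ok = p.x == 10 && p.y == 20 && p.z == 5
           && try_get(s.soundorg, 1, v) && v == 20
           && !try_get(s.soundorg, 2, v);
    return ok ? 0 : 1;
}
```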

-  Notes
(0010170)
Edward-san (developer)
2014-08-10 19:05

Just for completeness, this zdoom commit contains a fix related to this ticket (the other hunks are also useful for fixing potential crashes... and also other commits in that range are potential crash fixes).
(0012966)
Edward-san (developer)
2015-07-18 12:16

https://bitbucket.org/crimsondusk/zandronum-sandbox/commits/e992afea1e071aff1242b0848bd2e626b412a576
(0013242)
Torr Samaho (administrator)
2015-08-19 19:40

I added your patch.
(0013243)
cobalt (updater)
2015-08-19 19:44

Issue addressed by commit 1c6891e1a4c4: - Fixed: sector_t::soundorg was accessed out of bounds (fixes 1910). - zandronum ported the zdoom fixes to a similar problem, so fix it on the zandronum side, too.
Committed by Edoardo Prezioso [edward-san] on Thursday 16 July 2015 14:20:26

Changes in files:

 src/cl_main.cpp | 34 ++++++++++++++++++++++++++++++++++
 src/network_enums.h | 1 +
 src/p_acs.cpp | 2 +-
 src/sv_commands.cpp | 20 ++++++++++++++++++++
 src/sv_commands.h | 1 +
 5 files changed, 57 insertions(+), 1 deletions(-)

(0013501)
Ru5tK1ng (updater)
2015-09-12 22:20

In 3.0, I was unable to really break anything or get any type of error message to appear on the console online or offline. I repeatedly triggered a couple of sectorsound scripts and they didn't bug out. Not sure if any other methods need to be used to test this.


- Issue History
Date Modified Username Field Change
2014-08-10 10:48 Dusk New Issue
2014-08-10 19:05 Edward-san Note Added: 0010170
2015-07-18 12:16 Edward-san Note Added: 0012966
2015-07-18 12:16 Edward-san Assigned To => Edward-san
2015-07-18 12:16 Edward-san Status new => needs review
2015-07-18 12:17 Edward-san Target Version => 3.0
2015-08-19 19:40 Torr Samaho Note Added: 0013242
2015-08-19 19:40 Torr Samaho Status needs review => needs testing
2015-08-19 19:44 cobalt Note Added: 0013243
2015-09-12 22:20 Ru5tK1ng Note Added: 0013501
2015-12-06 23:53 Ru5tK1ng Status needs testing => resolved
2015-12-06 23:53 Ru5tK1ng Resolution open => fixed
2015-12-06 23:53 Ru5tK1ng Fixed in Version => 3.0
2018-09-30 22:15 Blzut3 Status resolved => closed