0003927: doomseeker crashes upon changing fraglimit in zandro server

Notes
(0021854) WubTheCaptain (reporter) 2021-12-09 00:29	Server advertisement (tested at least in LAN) craps out. Thread 1 "doomseeker" received signal SIGSEGV, Segmentation fault. 0x00007ffff6882e70 in QString::operator=(QString const&) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 (gdb) bt full #0 0x00007ffff6882e70 in QString::operator=(QString const&) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. #1 0x0000555555683b50 in PWad::PWad(QString const&, bool) () No symbol table info available. 0000002 0x00007ffff0da4d55 in ZandronumServer::readRequest(QByteArray const&) () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so No symbol table info available. 0000003 0x00007ffff0d87f2c in ZandronumBroadcast::readAllPendingDatagrams() () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so No symbol table info available. 0000004 0x00007ffff6a1c1b8 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000005 0x00007ffff74833cf in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5 No symbol table info available. 0000006 0x00007ffff7496211 in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5 No symbol table info available. 0000007 0x00007ffff77b86bf in QApplicationPrivate::notify_helper(QObject, QEvent) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 No symbol table info available. 0000008 0x00007ffff69e5b1a in QCoreApplication::notifyInternal2(QObject, QEvent) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000009 0x00007ffff6a3dd0d in ?? () from /lb/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000010 0x00007ffff5819cdb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. 0000011 0x00007ffff5819f88 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. 0000012 0x00007ffff581a03f in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. 0000013 0x00007ffff6a3d154 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000014 0x00007ffff69e452b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000015 0x00007ffff69ec800 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000016 0x000055555563a2f3 in Main::run() () No symbol table info available. 0000017 0x00005555554eb5db in main () No symbol table info available. Debug symbols available in attached gdb-1.txt and gdb-2.txt log files. The server process needs to be killed for Doomseeker to launch again (and not be hit by this bug immediately on server list fetching). I'm guessing this is remotely exploitable (crashable) with Doomseeker's default configuration.

(0021855) WubTheCaptain (reporter) 2021-12-09 00:31 edited on: 2021-12-09 02:57	~~For the record, Qt 5.15 is also showing lots of deprecation warnings when compiling.~~ I've tested with Qt 5.15, but have not tested with earlier Qt5 versions. But we're probably doing something wrong here ourselves too.

(0021856) WubTheCaptain (reporter) 2021-12-09 00:39 edited on: 2021-12-09 00:40	To reproduce the bug, the primary conditions are: When hosting the server, it must be broadcast to at least LAN. Doomseeker must query for Zandronum servers and refresh the server list to see the server; this may happen automatically, depending on configuration (and may require mouse focus on the server list window). Additional conditions as reported by OP.

(0021857) WubTheCaptain (reporter) 2021-12-09 00:40	I also had this different error earlier. (gdb) bt full #0 0x0000555555683b60 in PWad::isOptional() const () No symbol table info available. #1 0x00007ffff0da4d20 in ZandronumServer::readRequest(QByteArray const&) () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so No symbol table info available. 0000002 0x00007ffff0d87f2c in ZandronumBroadcast::readAllPendingDatagrams() () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so No symbol table info available. 0000003 0x00007ffff6a1c1b8 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000004 0x00007ffff74833cf in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5 No symbol table info available. 0000005 0x00007ffff7496211 in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5 No symbol table info available. 0000006 0x00007ffff77b86bf in QApplicationPrivate::notify_helper(QObject, QEvent) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 No symbol table info available. 0000007 0x00007ffff69e5b1a in QCoreApplication::notifyInternal2(QObject, QEvent) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000008 0x00007ffff6a3dd0d in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000009 0x00007ffff5819cdb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. 0000010 0x00007ffff5819f88 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. 0000011 0x00007ffff581a03f in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. 0000012 0x00007ffff6a3d154 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000013 0x00007ffff69e452b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000014 0x00007ffff69ec800 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5 No symbol table info available. 0000015 0x000055555563a2f3 in Main::run() () No symbol table info available. 0000016 0x00005555554eb5db in main () No symbol table info available.

(0021868) Zalewa (developer) 2021-12-09 16:24	A crash like this is not good. The protocol parser should be resistant to the data it accepts, which it clearly isn't, and any specifically prepared server could crash it. I'm upping the priority to urgent on this.

(0021870) WubTheCaptain (reporter) 2021-12-10 19:17 edited on: 2021-12-10 19:18	Target Version for this issue?

(0021871) Zalewa (developer) 2021-12-10 19:39	@WaTaKiD I've released an update for the Zandronum and Q-Zandronum plugins to the beta channel (for Windows). Can you install that and check? * The fix:'https://bitbucket.org/Doomseeker/doomseeker/commits/58fbf2c36e999893d729fcbd1f6904906ae59f6e [^]' Quote from Wub Target version for this issue? Dunno. It's probably gonna be released as 1.3.2-p1.

(0021873) WaTaKiD (updater) 2021-12-11 01:29	while i cant speak for qzandronum, this does seem to be fixed for regular zandronum

(0021875) WubTheCaptain (reporter) 2021-12-11 02:47	I'll leave this issue up to Zalewa to resolve, though I state my support for the idea of a 1.3.2-p1 release with these two patched engines on top of the latest stable Doomseeker 1.3.2 release.

(0021876) WubTheCaptain (reporter) 2021-12-11 02:48	Quote from WubTheCaptain I'll leave this issue up to Zalewa to resolve, though I state my support for the idea of a 1.3.2-p1 release with these two patched engines on top of the latest stable Doomseeker 1.3.2 release. For DRDTeam Debian packages, this would mean updates to doomseeker-zandronum and doomseeker-zandronumq packages alone.

(0021877) WubTheCaptain (reporter) 2021-12-11 03:19	Zalewa: For the record, the copyright years in file headers never seem to be updated even for so significant changes like this. 🙃 "About" dialogue is currently fine.

This issue is already marked as resolved. If you feel that is not the case, please reopen it and explain why.
Supporters:	No one explicitly supports this issue yet.
Opponents:	No one explicitly opposes this issue yet.

Issue History
Date Modified	Username	Field	Change
2021-12-04 18:44	WaTaKiD	New Issue
2021-12-08 23:58	WubTheCaptain	Status	new => confirmed
2021-12-08 23:59	WubTheCaptain	File Added: Zandronum__2021_12_08-23_58_14.log
2021-12-09 00:26	WubTheCaptain	File Added: gdb-1.txt
2021-12-09 00:26	WubTheCaptain	File Added: gdb-2.txt
2021-12-09 00:29	WubTheCaptain	Note Added: 0021854
2021-12-09 00:31	WubTheCaptain	Note Added: 0021855
2021-12-09 00:31	WubTheCaptain	Note Edited: 0021855	View Revisions
2021-12-09 00:39	WubTheCaptain	Note Added: 0021856
2021-12-09 00:40	WubTheCaptain	Note Edited: 0021856	View Revisions
2021-12-09 00:40	WubTheCaptain	Note Added: 0021857
2021-12-09 00:52	WubTheCaptain	OS	Windows =>
2021-12-09 00:52	WubTheCaptain	OS Version	XP/Vista/7 =>
2021-12-09 00:52	WubTheCaptain	Platform	Microsoft =>
2021-12-09 02:57	WubTheCaptain	Note Edited: 0021855	View Revisions
2021-12-09 16:24	Zalewa	Note Added: 0021868
2021-12-09 16:24	Zalewa	Priority	normal => urgent
2021-12-09 20:56	Pol M	Assigned To	=> Pol M
2021-12-09 20:56	Pol M	Status	confirmed => assigned
2021-12-09 21:52	Pol M	Assigned To	Pol M =>
2021-12-09 21:52	Pol M	Status	assigned => confirmed
2021-12-10 19:10	Zalewa	Assigned To	=> Zalewa
2021-12-10 19:10	Zalewa	Status	confirmed => assigned
2021-12-10 19:17	WubTheCaptain	Note Added: 0021870
2021-12-10 19:18	WubTheCaptain	Note Edited: 0021870	View Revisions
2021-12-10 19:39	Zalewa	Note Added: 0021871
2021-12-10 19:39	Zalewa	Status	assigned => needs testing
2021-12-11 01:29	WaTaKiD	Note Added: 0021873
2021-12-11 02:47	WubTheCaptain	Note Added: 0021875
2021-12-11 02:48	WubTheCaptain	Note Added: 0021876
2021-12-11 03:10	WubTheCaptain	Relationship added	related to 0003936
2021-12-11 03:19	WubTheCaptain	Note Added: 0021877
2021-12-11 09:22	Zalewa	Status	needs testing => resolved
2021-12-11 09:22	Zalewa	Resolution	open => fixed
2021-12-11 15:53	WubTheCaptain	Fixed in Version	=> 1.3.3
2021-12-11 15:53	WubTheCaptain	Target Version	=> 1.3.3
2022-03-22 11:11	WubTheCaptain	Status	resolved => closed