bug-freedink

Re: [Bug-freedink] Bugreport and Patch for fixing segfault when loading


From: Sylvain
Subject: Re: [Bug-freedink] Bugreport and Patch for fixing segfault when loading games (modern compiler)
Date: Sun, 9 Apr 2017 22:59:31 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hi,

This bug is resurfacing these days because I still didn't release v109
- just to say thanks for the report, and that it was actually fixed in
the development version already:
https://git.savannah.gnu.org/cgit/freedink.git/commit/?id=2516bb7c16066d432bf287567f30d533cd067337

Cheers!
Sylvain

On Sat, Jan 02, 2016 at 09:55:36PM +0100, Christian Ludwig wrote:
> Hello Freedink-team,
> 
> here is a bug-report with fix for version 108.4.
> 
> When using modern compilers (with optimizations turned on) one gets a
> segfault if one tries to load a saved game. Or as always with undefined
> behaviour: it can occur with a certain probability.
> Fix:
> 
> very short version:
> ===================
> --- freedink-108.4/src/dinkc.c        2014-10-17 17:15:09.000000000 +0200
> +++ rpmbuild/SOURCES/freedink-108.4/src/dinkc.c       2016-01-02
> 21:25:45.000000000 +0100
> @@ -63,7 +63,7 @@
>    int lifespan;
>    unsigned long timer;
>  };
> -static struct call_back callback[MAX_CALLBACKS];
> +static struct call_back callback[MAX_CALLBACKS+1];
>  /* TODO: Used 1->100 in the game, should it be MAX_CALLBACKS+1 ? */
> 
>  /* DinkC script buffer */
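Review bot: the TODO comment kept as context directly below the changed declaration ("Used 1->100 in the game, should it be MAX_CALLBACKS+1 ?") is answered by this change and should not survive it. Replace it with a comment stating the invariant the new size relies on: valid indices are 1..MAX_CALLBACKS, slot 0 is unused, and loops of the form `for (k = 1; k <= MAX_CALLBACKS; k++)` depend on the extra element.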
> 
> longer explanation:
> ===================
> Modern compilers (like gcc 5.3.1 under Fedora 23) use the undefined
> behaviour like in dinkc.c kill_all_scripts_for_real
> 
>   for (k = 1; k <= MAX_CALLBACKS; k++)
>     {
>       callback[k].active = 0;
>     }
> 
> and overwrite (memory layout with optimization) the "bindings" variable
> in dinkc_bindings.c. [Yes, it took me a while of debugging, to see this.]
> 
> more detailed explanation:
> ==========================
> Attempt to load game with original version:
> 
> [debug] Stopped cd
> [debug] Killed script start-2. (num 1)
> [debug] Killed script start-1. (num 2)
> [debug] Killed script start-2. (num 3)
> [debug] Killed script start-4. (num 4)
> [info ] World data loaded.
> [info ] loading tilescreens...
> [info ] Done with tilescreens...
> [info ] LOADING main
> [debug] Temp thingie is C
> [info ] Loading script STORY/MAIN.C.. (slot 1)
> [debug] Reading from disk...
> [debug] Script main is entered at 3:12 (offset 49).
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000555555586f97 in safe_hasher ()
> 
> #0  0x0000555555586f97 in safe_hasher ()
> #1  0x00005555555874df in hash_lookup ()
> #2  0x0000555555560b31 in dinkc_bindings_lookup ()
> #3  0x000055555556950e in process_line ()
> #4  0x000055555555bf50 in run_script ()
> #5  0x000055555556d22e in load_game ()
> #6  0x000055555555df12 in dc_load_game ()
> #7  0x000055555556a4a6 in process_line ()
> #8  0x000055555555bf50 in run_script ()
> #9  0x0000555555584703 in process_talk ()
> #10 0x0000555555586a44 in updateFrame ()
> #11 0x0000555555559585 in main ()
> 
> because safe_hasher wants to read table->n_buckets and because
> table==bindings is pointing somewhere.
> 
> Hope this helps to improve this cool game.
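
The overrun described in the report, replayed on a heap-allocated byte arena so that the model itself stays in bounds. This is an added example, not code from FreeDink or from either poster. The value 100 for `MAX_CALLBACKS`, the reduced struct, the function name `neighbour_bytes_clobbered` and the placement of a pointer-sized neighbour directly after the array are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CALLBACKS 100   /* assumed value; the TODO in the patch says "1->100" */

/* Reduced model of the struct in the patch; only `active` matters here. */
struct call_back { int active; int lifespan; unsigned long timer; };

/*
 * Replays the loop from kill_all_scripts_for_real on an arena laid out as
 * [nelems call_back slots][one pointer-sized neighbour]. The neighbour stands
 * in for a variable placed right after the array (assumed layout).
 * Returns how many neighbour bytes the loop overwrote, or -1 if malloc fails.
 */
int neighbour_bytes_clobbered(size_t nelems)
{
    const size_t array_bytes = nelems * sizeof(struct call_back);
    const size_t total = array_bytes + sizeof(void *);
    unsigned char *arena = malloc(total);
    const int zero = 0;
    int clobbered = 0;
    size_t i, k;

    if (arena == NULL)
        return -1;
    memset(arena, 0xAA, total);              /* 0xAA marks untouched bytes */

    for (k = 1; k <= MAX_CALLBACKS; k++) {   /* same bounds as the reported loop */
        size_t off = k * sizeof(struct call_back) + offsetof(struct call_back, active);
        if (off + sizeof zero <= total)      /* keep the model in bounds */
            memcpy(arena + off, &zero, sizeof zero);  /* callback[k].active = 0 */
    }
    for (i = array_bytes; i < total; i++)    /* inspect only the neighbour */
        if (arena[i] != 0xAA)
            clobbered++;
    free(arena);
    return clobbered;
}

int main(void)
{
    printf("callback[MAX_CALLBACKS]:   %d neighbour bytes overwritten\n", neighbour_bytes_clobbered(MAX_CALLBACKS));
    printf("callback[MAX_CALLBACKS+1]: %d neighbour bytes overwritten\n", neighbour_bytes_clobbered(MAX_CALLBACKS + 1));
    return 0;
}
```

With the original array size the last iteration zeroes `sizeof(int)` bytes of whatever follows the array; with the patched size it touches none. On the real sources, GCC and Clang builds with `-fsanitize=address` or `-fsanitize=bounds` report this kind of index at run time.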


