Re: [Bug-XBoard] Re: Winboard


From: Leo Dijksman
Subject: Re: [Bug-XBoard] Re: Winboard
Date: Tue, 27 Jan 2004 18:44:46 +0100

Hi Daniel,

With Amy 0.8.3 or 0.8.4 I can reproduce the crash from this position:
4B3/8/7p/7P/3k4/5r2/2K5/8 b - - 0 64

If you let Amy analyse from there and nothing happens after a minute or 10
then play Rf2+ and later eventual Kb3.

I think the position is not so important, the problem happens if an engine
outputs a long pv like this one: (this one is from Amy, the last line of the
winboard.debug before WinBoard crashed)
1129281 <first :          1    262       0       4 2. .. Kd5 3. Bg6 Rf8 4.
Kc2 Rf3 5. Kd2 Ke5 6. Bc2 Rh3 7. Bg6 Kf4 8. Bf7 Kf3 9. Kc3 Kg2+ 10. Kd4 Rh4+
11. Ke5 Rd4 12. Bg6 Rd1 13. Bf5 Kh2 14. Bg6 Kh1 15. Kf5 Re1 16. Kf6 Re2 17.
Bf5 Re3 18. Bg6 Kh2 19. Bf7 Rf3+ 20. Ke6 Rg3 21. Bg6 Rg5 22. Kf7 Kh1 23. Ke6
Rg2 24. Kf7 Rf2+ 25. Ke6 Rh2 26. Kf7 Rb2 27. Bf5 Kh2 28. Bg6 Rf2+ 29. Ke6
Rg2 30. Kf7 Rg3 31. Ke6 Rg5 32. Kf7 Kh1 33. Ke6 Rg2 34. Kf7 Rf2+ 35. Ke6 Rh2
36. Kf7 Rb2 37. Bf5 Kh2 38. Bg6 Rf2+ 39. Ke6 Rg2 40. Kf7 Rg3 41. Ke6

Then WinBoard starts to use CPU time and crashes very fast!

Best wishes,
Leo.

----- Original Message ----- 
From: "Daniel Mehrmann" <address@hidden>
To: "Leo Dijksman" <address@hidden>
Cc: "XBoard Bug" <address@hidden>
Sent: Tuesday, January 27, 2004 2:43 AM
Subject: Re: [Bug-XBoard] Re: Winboard


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Leo Dijksman wrote:
>
> Hi Leo,
>
> I will look for more possible buffer overflows this weekend. But that's
> difficult and takes a long time.  I also want to analyze your WB crash. Can
> you send me the PGN or FEN file of the game which you loaded with WinBoard?
>
> thanks
>
>
> | I have reproduced the 'problem' here with Amy v0.8.4 and WinBoard 4.2.7,
> | it's reproducible with all older versions of Amy (not with v0.8.6 which is a
> | "fix" to this (at my request Thorsten increased the maximum output of Amy))
> | and also with Waster and (very probably) Muriel, maybe more but I have not
> | tested them.
> |
> | I have a debug file attached where I loaded one of the games of Amy 0.8.3
> | where WinBoard crashed, after loading the game I set Amy to analyse and
> | WinBoard runs into problems as soon as the long pv appears in the debug file.
> | From that moment WinBoard uses more than 50% of my CPU and then crashes
> | after around 15 seconds.
> |
> | It's reproducible on both Win2000Pro and WinXP Pro, using WinBoard 4.2.7
> | and all 3, 4 and 5 men egtbs (Nalimov), it happens in all cases when the pv
> | sent by the engine is _too_ long!
> |
> | I hope this helps, if you need more info please let me know!
> |
> | Leo.
> |
> | ----- Original Message -----
> | From: "Tim Mann" <address@hidden>
> | To: "Leo Dijksman" <address@hidden>
> | Cc: <address@hidden>; <address@hidden>
> | Sent: Sunday, January 25, 2004 2:19 AM
> | Subject: Re: Winboard
> |
> |
> |
> |>WinBoard 4.2.7 has a fix for one buffer overflow bug (contributed by
> |>Daniel Mehrmann), but there are probably more still left.  I don't know
> |>if anyone else has plans to work on buffer overflows, but I've copied
> |>this message to address@hidden so that the other developers will be
> |>aware of the issue too.
> |>
> |>If you can be more specific about exactly what engines cause the crashes
> |>and when, that would help anyone who finds time to work on them.  A
> |>WinBoard.debug file would help too.  Thanks.
> |>
> |>On Sun, 28 Dec 2003 23:58:12 +0100, "Leo Dijksman" <address@hidden> wrote:
> |
> |>>Hello Tim,
> |>>
> |>>I have a question to you :)
> |>>I have in the past taken some engines out of my wbec ridderkerk tourney
> |>>because they 'crashed' Winboard, now I have again problems with one
> |>>and it seems to have to do with point 353 at the todo list:
> |>>================================================
> |>>**353. WinBoard can crash when the engine outputs very long PV lines
> |>>(or debug output that looks like a PV).  In particular, lines that
> |>>start with 4 or more blanks following a "thinking" output line are
> |>>treated as continuation lines, and get concatenated into a 512-byte
> |>>buffer with no checking for overflow.  Generally we need a lot more
> |>>care to avoid buffer overflows inside both xboard and WinBoard.
> |>>[Note: changed the buffers to be 5120 bytes as a band-aid.]
> |>>=================================================
> |>>
> |>>My question is if this is something that can/will be fixed in
> |>>XBoard/WinBoard
> |>>or is it something the engine author has to change in his engine?
> |>>If it will be done in XB/WB, can/will you put it high on the todo list
> |>>please?
> |>>
> |>>I think, but I am not sure, that I run into that 'problem' earlier than
> |>>other users
> |>>because of the pretty long time control on fast computers and also having
> |>>ponder=on?
> |>>
> |>>Thanks in advance for any answer,
> |>>
> |>>Leo Dijksman.
> |>>
> |>
> |>
> |>--
> |>Tim Mann  address@hidden  http://tim-mann.org/
>
>
> - --
> Daniel Mehrmann
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (MingW32)
>
> iD8DBQFAFcI+Pt1V5Pj1nvYRArxqAJ9XesuQ1Suy3W+BSXyO2eRpkj2TTACfdhzh
> VTpxgeaV1+nDD8UsGL/BF1Y=
> =YW3E
> -----END PGP SIGNATURE-----
>
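
The overflow described in todo item 353 (continuation lines concatenated into a 512-byte buffer without a length check) can be avoided by tracking the used length and copying only what still fits. The following is an added example, not code from XBoard/WinBoard or from this thread; `pv_accum`, `pv_append`, `pv_feed` and `pv_demo` are hypothetical names, and the input lines are constructed.

```c
#include <stdio.h>
#include <string.h>
#define PV_BUF_SIZE 512            /* buffer size quoted in todo item 353 */

/* Hypothetical accumulator, not a structure from the XBoard source. */
struct pv_accum {
    char   text[PV_BUF_SIZE];
    size_t len;                    /* bytes used, excluding the NUL */
    int    truncated;              /* set once any input had to be dropped */
};

/* Item 353: a line starting with 4 or more blanks is a continuation. */
int pv_is_continuation(const char *line) {
    return strncmp(line, "    ", 4) == 0;
}

/* Copy only what fits, always leave a NUL, record truncation. */
size_t pv_append(struct pv_accum *pv, const char *s) {
    size_t room = sizeof pv->text - 1 - pv->len;
    size_t want = strlen(s);
    size_t n = want < room ? want : room;
    memcpy(pv->text + pv->len, s, n);
    pv->len += n;
    pv->text[pv->len] = '\0';
    if (n < want) pv->truncated = 1;
    return n;
}

/* Returns 1 if the line was consumed as a continuation, 0 otherwise. */
int pv_feed(struct pv_accum *pv, const char *line) {
    if (!pv_is_continuation(line)) return 0;
    pv_append(pv, line);
    return 1;
}

/* Constructed input: one thinking line plus 40 long continuation lines. */
int pv_demo(struct pv_accum *pv) {
    int i, fed = 0;
    memset(pv, 0, sizeof *pv);
    pv_append(pv, "  1  262  0  4 2. .. Kd5 3. Bg6 Rf8");
    for (i = 0; i < 40; i++)
        fed += pv_feed(pv, "    4. Kc2 Rf3 5. Kd2 Ke5 6. Bc2 Rh3 7. Bg6 Kf4 8. Bf7 Kf3");
    return fed;
}
int main(void) {
    struct pv_accum pv;
    int fed = pv_demo(&pv);
    printf("fed=%d len=%zu truncated=%d\n", fed, pv.len, pv.truncated);
    return 0;
}
```

With the length check in place an over-long PV is cut at 511 bytes and flagged, so the caller can display a shortened line instead of writing past the buffer.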




