[Scummvm-tracker] [ScummVM :: Bugs] #12856: SUPERNOVA: Buffer overflow when speaking to NPC in Palace of Culture

ScummVM :: Bugs trac at scummvm.org
Sat Aug 28 21:22:03 UTC 2021


#12856: SUPERNOVA: Buffer overflow when speaking to NPC in Palace of Culture
-------------------------------------------------+-------------------------
Reporter:  criezy                                |      Owner:  (none)
    Type:  defect                                |     Status:  new
Priority:  normal                                |  Component:  Engine: Supernova
 Version:                                        |   Keywords:
    Game:  Mission Supernova Teil 2: Der Doppelgänger
-------------------------------------------------+-------------------------
 Here is the information provided by Address Sanitizer:
 {{{
 ==33230==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010caab00c at pc 0x000106112584 bp 0x00016fa6a390 sp 0x00016fa6a388
 READ of size 4 at 0x00010caab00c thread T0
     #0 0x106112580 in Supernova::GameManager::dialog(int, unsigned char*, int*, int) game-manager.cpp:642
     #1 0x1060b5410 in Supernova::CulturePalace::interact(Supernova::Action, Supernova::Object&, Supernova::Object&)+0x328 (scummvm:arm64+0x105d25410)
     #2 0x106141c38 in Supernova::GameManager2::handleInput()+0x5c0 (scummvm:arm64+0x105db1c38)
     #3 0x106143634 in Supernova::GameManager2::executeRoom()+0x448 (scummvm:arm64+0x105db3634)
     #4 0x10614df98 in Supernova::SupernovaEngine::run() supernova.cpp:118
     #5 0x10040e990 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:311
     #6 0x100409a54 in scummvm_main main.cpp:618
     #7 0x1004010d0 in main macosx-main.cpp:45
     #8 0x18b09d42c in start+0x0 (libdyld.dylib:arm64e+0x1842c)

 0x00010caab00c is located 52 bytes to the left of global variable 'dials1' defined in 'engines/supernova/supernova2/rooms.cpp:844:14' (0x10caab040) of size 3
 0x00010caab00c is located 0 bytes to the right of global variable 'dial1' defined in 'engines/supernova/supernova2/rooms.cpp:839:13' (0x10caab000) of size 12
 }}}

 This is on a Mac M1 with current master (18ee050adf).
-- 
Ticket URL: <https://bugs.scummvm.org/ticket/12856>
ScummVM :: Bugs <https://bugs.scummvm.org>