[Scummvm-tracker] [ScummVM :: Bugs] #12856: SUPERNOVA: Buffer overflow when speaking to NPC in Palace of Culture (was: SUPERNOVA: Buffer overflow when speaking to NPC in Palae of Culture)
ScummVM :: Bugs
trac at scummvm.org
Sat Aug 28 21:23:58 UTC 2021
#12856: SUPERNOVA: Buffer overflow when speaking to NPC in Palace of Culture
-------------------------+-------------------------------------------------
Reporter: criezy | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: Supernova
Version: | Resolution:
Keywords: | Game: Mission Supernova Teil 2: Der Doppelgänger
-------------------------+-------------------------------------------------
Changes (by criezy):
* summary: SUPERNOVA: Buffer overflow when speaking to NPC in Palae of
Culture => SUPERNOVA: Buffer overflow when speaking to NPC in Palace
of Culture
New description:
Here is the information provided by Address Sanitizer:
{{{
==33230==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010caab00c at pc 0x000106112584 bp 0x00016fa6a390 sp 0x00016fa6a388
READ of size 4 at 0x00010caab00c thread T0
    #0 0x106112580 in Supernova::GameManager::dialog(int, unsigned char*, int*, int) game-manager.cpp:642
    #1 0x1060b5410 in Supernova::CulturePalace::interact(Supernova::Action, Supernova::Object&, Supernova::Object&)+0x328 (scummvm:arm64+0x105d25410)
    #2 0x106141c38 in Supernova::GameManager2::handleInput()+0x5c0 (scummvm:arm64+0x105db1c38)
    #3 0x106143634 in Supernova::GameManager2::executeRoom()+0x448 (scummvm:arm64+0x105db3634)
    #4 0x10614df98 in Supernova::SupernovaEngine::run() supernova.cpp:118
    #5 0x10040e990 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:311
    #6 0x100409a54 in scummvm_main main.cpp:618
    #7 0x1004010d0 in main macosx-main.cpp:45
    #8 0x18b09d42c in start+0x0 (libdyld.dylib:arm64e+0x1842c)

0x00010caab00c is located 52 bytes to the left of global variable 'dials1' defined in 'engines/supernova/supernova2/rooms.cpp:844:14' (0x10caab040) of size 3
0x00010caab00c is located 0 bytes to the right of global variable 'dial1' defined in 'engines/supernova/supernova2/rooms.cpp:839:13' (0x10caab000) of size 12
}}}
This is on a Mac M1 with current master (18ee050adf).
To reproduce, load the attached save game and talk to the NPC.
Ticket URL: <https://bugs.scummvm.org/ticket/12856#comment:1>
ScummVM :: Bugs <https://bugs.scummvm.org>
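Added triage example (not part of the ticket and not ScummVM code): a small C++ parser for the two pieces of the AddressSanitizer report quoted above, the `READ of size N at ADDR` line and the `global variable '...' (0xBASE) of size N` lines, which works out which global the access runs past and by how much. Fed the ticket's own numbers, it finds the 4-byte read at 0x10caab00c lies 0 bytes past the end of `dial1` (base 0x10caab000, size 12). If `dial1` is an array of 4-byte entries, as the read width suggests, that is index 3 of a 3-element array, an off-by-one read; the element interpretation is an assumption, since the ticket does not show `dial1`'s declaration. The report text embedded below is a constructed excerpt copied from the ticket so the code runs offline.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <regex>
#include <string>
#include <vector>

// Constructed excerpt of the ASan output from the ticket (only the lines this
// triage needs), kept with the original line wrapping to show the parser copes.
static const std::string kReport =
    "READ of size 4 at 0x00010caab00c thread T0\n"
    "0x00010caab00c is located 52 bytes to the left of global variable 'dials1'\n"
    "defined in 'engines/supernova/supernova2/rooms.cpp:844:14' (0x10caab040)\n"
    "of size 3\n"
    "0x00010caab00c is located 0 bytes to the right of global variable 'dial1'\n"
    "defined in 'engines/supernova/supernova2/rooms.cpp:839:13' (0x10caab000)\n"
    "of size 12\n";

struct AsanAccess {
    bool isWrite = false;
    std::uint64_t size = 0;   // bytes touched by the faulting access
    std::uint64_t addr = 0;   // faulting address
};

struct AsanGlobal {
    std::string name;
    std::uint64_t base = 0;   // start address ASan prints in parentheses
    std::uint64_t size = 0;   // object size in bytes
};

struct Diagnosis {
    bool found = false;
    std::string variable;           // global the access runs past its end
    std::uint64_t bytesPastEnd = 0; // 0 means the first byte after the object
    std::uint64_t elementIndex = 0; // (addr - base) / access width (assumed array of that width)
    std::uint64_t elementCount = 0; // object size / access width
};

static std::uint64_t parseHex(const std::string& s) {
    return std::strtoull(s.c_str(), nullptr, 16);
}

// Parses "READ of size 4 at 0x00010caab00c" (or WRITE).
bool parseAccess(const std::string& report, AsanAccess& out) {
    static const std::regex re(R"((READ|WRITE) of size (\d+) at 0x([0-9a-fA-F]+))");
    std::smatch m;
    if (!std::regex_search(report, m, re)) return false;
    out.isWrite = (m[1].str() == "WRITE");
    out.size = std::strtoull(m[2].str().c_str(), nullptr, 10);
    out.addr = parseHex(m[3].str());
    return true;
}

// Parses every "global variable 'NAME' defined in 'FILE:L:C' (0xBASE) of size N";
// \s+ lets the match span the line breaks the mail client inserted.
std::vector<AsanGlobal> parseGlobals(const std::string& report) {
    static const std::regex re(
        R"(global variable '([^']+)'\s+defined in '[^']+'\s+\(0x([0-9a-fA-F]+)\)\s+of size (\d+))");
    std::vector<AsanGlobal> out;
    for (auto it = std::sregex_iterator(report.begin(), report.end(), re);
         it != std::sregex_iterator(); ++it) {
        AsanGlobal g;
        g.name = (*it)[1].str();
        g.base = parseHex((*it)[2].str());
        g.size = std::strtoull((*it)[3].str().c_str(), nullptr, 10);
        out.push_back(g);
    }
    return out;
}

// Chooses the global whose end the access sits at or beyond, nearest first, and
// expresses the overflow in units of the access width. ASan's "N bytes to the
// right of" is measured from the object's end, so past == 0 is one-past-the-end.
Diagnosis diagnose(const AsanAccess& a, const std::vector<AsanGlobal>& globals) {
    Diagnosis d;
    for (const AsanGlobal& g : globals) {
        const std::uint64_t end = g.base + g.size;
        if (a.addr < end) continue; // access is before or inside this object
        const std::uint64_t past = a.addr - end;
        if (!d.found || past < d.bytesPastEnd) {
            d.found = true;
            d.variable = g.name;
            d.bytesPastEnd = past;
            d.elementIndex = (a.addr - g.base) / a.size;
            d.elementCount = g.size / a.size;
        }
    }
    return d;
}

// Runs the triage over the embedded ticket excerpt.
Diagnosis diagnoseTicketReport() {
    AsanAccess a;
    if (!parseAccess(kReport, a)) return Diagnosis{};
    return diagnose(a, parseGlobals(kReport));
}

int main() {
    const Diagnosis d = diagnoseTicketReport();
    if (!d.found) { std::puts("no overflow past a global found"); return 1; }
    std::printf("%s: %llu bytes past end, element %llu of %llu\n", d.variable.c_str(),
                (unsigned long long)d.bytesPastEnd, (unsigned long long)d.elementIndex,
                (unsigned long long)d.elementCount);
    return 0;
}
```

Build with `g++ -std=c++17 asan_triage.cpp -o asan_triage` (file name is an assumption). The same parser applies to any ASan global-buffer-overflow report; for a heap or stack report the "located N bytes to the right of" line names a region rather than a global, so the second regex would need a variant.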