Bug#514463: Poor bounds checking causes abnormal exits or crashes
anomie at users.sourceforge.net
Sat Feb 7 22:01:39 UTC 2009
Package: gfpoken
Version: 0.31-2
There are small regions to the right of and below the grid that cause
gfpoken to fail when they are clicked, due to poor bounds checking in
the click event handlers.
For example:
1. Clicking the right region in line with the top row of the grid
manipulates the second cell in the second row of the grid; in a grid
with five columns numbered 0-4, that click tried to manipulate column
*6* which wrapped in the linear array in memory.
2. Clicking the right region in line with the bottom row, or the bottom
region in line with any of the columns, results in an exit with
"BUG: unknown case in nextobj" or a SEGV. In this case, it tried to
manipulate a cell off the edge of the grid and hence off the end of
the memory array.
3. Clicking either region in line with the "ball rolling" areas results
in corrupted graphics (as if a ball is rolling through the
out-of-bounds region) followed by an exit with a "Hash overrun"
message.
It seems the mouse button event handlers need to do better checking for
out-of-bounds values, and/or the grid widget needs to size itself
correctly so these regions don't exist.
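
The failure modes in the report, shown as an added C example that is not part of the original report and is not gfpoken's code: a click handler that turns a pixel position into an index into a linear grid array, first without and then with a range check. The grid size, cell size and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes: 5x5 grid of 32-pixel cells (not gfpoken's real values). */
enum { GRID_W = 5, GRID_H = 5, CELL_PX = 32 };
static unsigned char grid[GRID_W * GRID_H];

/* Unchecked mapping: pixel -> (col,row) -> linear index, no range test. */
static long cell_index_unchecked(int px, int py)
{
    int col = px / CELL_PX, row = py / CELL_PX;
    return (long)row * GRID_W + col;
}

/* Checked mapping: refuse any click that is not inside the grid.
 * Negative pixels are tested before dividing, because C division truncates
 * toward zero and px = -1 would otherwise land in column 0. */
static bool cell_index_checked(int px, int py, size_t *out)
{
    if (px < 0 || py < 0)
        return false;
    int col = px / CELL_PX, row = py / CELL_PX;
    if (col >= GRID_W || row >= GRID_H)
        return false;
    *out = (size_t)row * GRID_W + (size_t)col;
    return true;
}

/* Hypothetical click handler: toggles a cell, returns false for margin clicks. */
static bool on_click(int px, int py)
{
    size_t i;
    if (!cell_index_checked(px, py, &i))
        return false;
    grid[i] ^= 1;
    return true;
}

int main(void)
{
    /* Column 6 of row 0 aliases index 6, i.e. row 1, column 1. */
    printf("unchecked (200,10)  -> index %ld\n", cell_index_unchecked(200, 10));
    /* Column 6 of the bottom row is index 26, past the 25-element array. */
    printf("unchecked (200,140) -> index %ld\n", cell_index_unchecked(200, 140));
    printf("checked handler accepts (200,10)? %d\n", on_click(200, 10));
    return 0;
}
```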