Opened 12 years ago

Closed 12 years ago

#666 closed bug (fixed (in master))

main-gcu exhibits out-of-bounds array access in z-term at game init

Reported by: takkaria
Owned by:
Milestone: 3.1.1 beta
Keywords:


To reproduce:

  1. Compile linux port with gcu frontend.
  2. Run "valgrind --log-file=x ./angband -mgcu"
  3. Output:
    ==13586== Invalid read of size 1
    ==13586==    at 0x4006293: strlen (mc_replace_strmem.c:246)
    ==13586==    by 0x80BE0CC: my_strcpy (z-util.c:97)
    ==13586==    by 0x80BAE64: vstrnfmt (z-form.c:555)
    ==13586==    by 0x80BAF95: strnfmt (z-form.c:740)
    ==13586==    by 0x80B9EF4: Term_text_gcu (main-gcu.c:623)
    ==13586==    by 0x80BC114: Term_fresh (z-term.c:909)
    ==13586==    by 0x8072DF1: init_angband (init2.c:1686)
    ==13586==    by 0x80B91FD: main (main.c:489)
    ==13586==  Address 0x403B7D8 is 0 bytes after a block of size 1,920
    ==13586==    at 0x40054E5: malloc (vg_replace_malloc.c:149)
    ==13586==    by 0x80BE327: ralloc (z-virt.c:67)
    ==13586==    by 0x80BD4D1: term_win_init (z-term.c:325)
    ==13586==    by 0x80BD6D2: term_init (z-term.c:2435)
    ==13586==    by 0x80B93ED: term_data_init_gcu (main-gcu.c:658)
    ==13586==    by 0x80B9824: init_gcu (main-gcu.c:911)
    ==13586==    by 0x80B91DF: main (main.c:460)

It looks like it could be some kind of init problem; the out-of-bounds access only happens on the very first call to Term_fresh(). This may be a problem in main-gcu, since it doesn't crop up anywhere else, but it seems unlikely.
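The valgrind trace above shows strlen(), called from the strlcpy-style my_strcpy(), reading 1 byte past a 1,920-byte block that term_win_init() allocated (80 columns by 24 rows is 1,920 cells). That is the signature of a copy helper that computes strlen() on a source buffer carrying no NUL terminator: the scan does not stop at the end of the row, or of the block. The ticket does not say what [2dae619] changed, so what follows is an added C example of that failure mode beside a bounded copy that avoids it, not Angband's code and not the actual fix; the cell-buffer layout, the helper names copy_unsafe/copy_bounded and the '#' fill are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Angband's code.  An 80x24 terminal has 1920 cells,
 * the size of the block in the valgrind trace. */
#define COLS 80
#define ROWS 24

/* strlcpy-style copy in the shape of a typical my_strcpy(): copy up to
 * n-1 bytes, always terminate dst, return strlen(src).  The return value
 * is the hazard: strlen(src) scans src in full, so src must be
 * NUL-terminated or the scan runs off the end of its allocation. */
static size_t copy_unsafe(char *dst, const char *src, size_t n)
{
    size_t len = strlen(src);            /* reads until it finds a NUL */
    if (n) {
        size_t take = len < n - 1 ? len : n - 1;
        memcpy(dst, src, take);
        dst[take] = '\0';
    }
    return len;
}

/* Bounded variant: the caller states how many bytes of src are valid and
 * the scan stops there even when no NUL is present. */
static size_t copy_bounded(char *dst, const char *src, size_t srclen, size_t n)
{
    const char *nul = memchr(src, '\0', srclen);
    size_t len = nul ? (size_t)(nul - src) : srclen;
    if (n) {
        size_t take = len < n - 1 ? len : n - 1;
        memcpy(dst, src, take);
        dst[take] = '\0';
    }
    return len;
}

/* Constructed screen buffer: ROWS*COLS cells stored back-to-back with no
 * terminator (row r is cells[r*COLS .. r*COLS+COLS-1]), filled with a
 * printable byte so nothing inside the block looks like a terminator. */
static char *make_cells(void)
{
    char *cells = malloc((size_t)ROWS * COLS);   /* 1920 bytes */
    if (cells)
        memset(cells, '#', (size_t)ROWS * COLS);
    return cells;
}

/* Copy the last row out through one of the two helpers.  Under valgrind
 * the unsafe path reports "Invalid read of size 1 ... 0 bytes after a
 * block of size 1,920" from strlen; the bounded path is clean.
 * Returns the source length the helper reported. */
static size_t render_last_row(int use_bounded, char *out, size_t outsz)
{
    char *cells = make_cells();
    const char *row;
    size_t len;

    if (!cells)
        return 0;
    row = cells + (size_t)(ROWS - 1) * COLS;
    if (use_bounded)
        len = copy_bounded(out, row, COLS, outsz);
    else
        len = copy_unsafe(out, row, outsz);      /* out-of-bounds read */
    free(cells);
    return len;
}

int main(int argc, char **argv)
{
    /* "./a.out unsafe" under valgrind reproduces the invalid read;
     * with no argument only the bounded path runs. */
    char line[COLS + 1];
    int unsafe = argc > 1 && strcmp(argv[1], "unsafe") == 0;
    size_t n = render_last_row(!unsafe, line, sizeof line);

    printf("%s path: source length %zu, copied \"%.8s...\"\n",
           unsafe ? "unsafe" : "bounded", n, line);
    return 0;
}
```

Build with `-g`, then `valgrind ./a.out unsafe` gives a report of the same shape as the one in the ticket, with strlen() at the top of the stack and the 1,920-byte malloc() block as the neighbour. A helper that returns strlen(src) for strlcpy compatibility cannot be made safe for unterminated sources by any change inside the helper; it needs to be told the source length, as copy_bounded() is, or the caller must guarantee the terminator.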

Change History (1)

comment:1 Changed 12 years ago by takkaria

  • Resolution set to fixed
  • Status changed from new to closed

in [2dae619] (SVN r1129)
