Your message dated Wed, 09 Sep 2020 11:49:15 +0000 with message-id <E1kFybD-0009VK-04@fasolo.debian.org> and subject line Bug#969228: fixed in glaurung 2.2-4 has caused the Debian Bug report #969228, regarding glaurung: Segmentation fault caused by out of bounds access to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 969228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969228 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: glaurung: Segmentation fault caused by out of bounds access
- From: Asher Gordon <AsDaGo@posteo.net>
- Date: Sat, 29 Aug 2020 13:32:04 -0400
- Message-id: <87d0399x4b.fsf@posteo.net>
Package: glaurung Version: 2.2-3 Severity: grave Tags: patch X-Debbugs-Cc: Asher Gordon <AsDaGo@posteo.net> Dear Maintainer, Glaurung segfaults when the 'go' command is used, making it unusable. For example: $ glaurung Glaurung 2.2. Copyright (C) 2004-2008 Tord Romstad. go Segmentation fault This is because of an out of bounds access, fixed by the following patch:From 62017d29d816d07513805500d498d8779343e074 Mon Sep 17 00:00:00 2001 From: Asher Gordon <AsDaGo@posteo.net> Date: Sat, 29 Aug 2020 12:53:56 -0400 Subject: [PATCH 1/3] Fix buffer overrun, causing a segfault --- src/evaluate.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/evaluate.cpp b/src/evaluate.cpp index 72032f0..ac303fa 100644 --- a/src/evaluate.cpp +++ b/src/evaluate.cpp @@ -1243,7 +1243,7 @@ namespace { SafetyTable[i] = Value((int)(100 * a * (i - b))); } - for(i = 0; i < 100; i++) + for(i = 0; i < 99; i++) if(SafetyTable[i+1] - SafetyTable[i] > maxSlope) { for(j = i + 1; j < 100; j++) SafetyTable[j] = SafetyTable[j-1] + Value(maxSlope); -- 2.28.0I also attempted to send this patch upstream, but I don't know Tord's current email address (it's not tord@glaurungchess.com; I tried). So I sent it to Matthew Purland, since he had made the last commit on https://github.com/phenri/glaurung. So hopefully, he will be able to apply it upstream, but until then, please apply this patch in Debian. Thanks, Asher -- System Information: Debian Release: bullseye/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-2-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages glaurung depends on: ii libc6 2.31-3 ii libstdc++6 10.1.0-6 Versions of packages glaurung recommends: ii polyglot 2.0.4-2+b1 ii xboard 4.9.1-2 glaurung suggests no packages. -- no debconf information -- One picture is worth 128K words. -------- I prefer to send and receive mail encrypted. Please send me your public key, and if you do not have my public key, please let me know. Thanks. GPG fingerprint: 38F3 975C D173 4037 B397 8095 D4C9 C4FC 5460 8E68Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 969228-close@bugs.debian.org
- Subject: Bug#969228: fixed in glaurung 2.2-4
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 09 Sep 2020 11:49:15 +0000
- Message-id: <E1kFybD-0009VK-04@fasolo.debian.org>
- Reply-to: Adam Borowski <kilobyte@angband.pl>
Source: glaurung Source-Version: 2.2-4 Done: Adam Borowski <kilobyte@angband.pl> We believe that the bug you reported is fixed in the latest version of glaurung, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 969228@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adam Borowski <kilobyte@angband.pl> (supplier of updated glaurung package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Sep 2020 13:05:47 +0200 Source: glaurung Architecture: source Version: 2.2-4 Distribution: unstable Urgency: medium Maintainer: Debian QA Group <packages@qa.debian.org> Changed-By: Adam Borowski <kilobyte@angband.pl> Closes: 969228 Changes: glaurung (2.2-4) unstable; urgency=medium . * QA upload. * Fix a segfault for out-of bounds, patch by Asher Gordon. (Closes: #969228) Checksums-Sha1: 7b7105eccb1a60c5c1f690951649180d29ab13c6 1665 glaurung_2.2-4.dsc f1315efcd08774a6e5248bd5523014c427c4256f 13528 glaurung_2.2-4.debian.tar.xz c471e6af7333a60e2a2da5d15e627d291a176256 5061 glaurung_2.2-4_source.buildinfo Checksums-Sha256: 0ded9fcd58cbe302e06f2eab602a577ca0861254ca6e85482eff425f1ea4cccf 1665 glaurung_2.2-4.dsc aa33d661c66105f4a920d9c6219eab917cd7fe6f79d4c28f8a23c30bb8ce7761 13528 glaurung_2.2-4.debian.tar.xz 08278bbb5439bc7619e11e8f9c9e0cb3d9bb4e1ad1d76d7796a64ea43718f991 5061 glaurung_2.2-4_source.buildinfo Files: 657077a3259f014706b4de49d85263ee 1665 games optional glaurung_2.2-4.dsc 90775e99062873f88be39d575c142cf7 13528 games optional glaurung_2.2-4.debian.tar.xz efc3c7139afe5244cf25092c59b75bc2 5061 games optional glaurung_2.2-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEkjZVexcMh/iCHArDweDZLphvfH4FAl9YvFwACgkQweDZLphv fH4qRg//evbAjkEcojh38GBem6iobzJSfQsputDizAip81+A2ZhUHyuE/OaJ2QtL QJIiBsSl91d/MsHamniMMN9YqJ/ZzW6nOdDDiklzJKorrVKduu60cnlT6DrnW/yU APyj67LHWVA3cgt6ztNGvgVbKZ6WmC/WXX2Np2GU/dE9czS62OAqxZROZA4oaBGu +DnAfkXkJvo6NwYjRXqjn2QZ2T+AW/FUh0iP7bC54mHYN0CYr+K7noKBpAyia5E8 OsE4e2pbr93qM6cty+LDeBoWhlhSqa4mQ/maP6/SlEJixuno5coJxl/PFyMac7zN vsNgG39u+Vv/CZRZ6w0DW/Q1WnKu3rL02xHaJucn/qGRCT1Kiyy8yYUvjpsk8CCR Lx8UPyg1UXQlr5eHAeu/MBXhgS1T3ngaQ4fTZob3IIE9pELQXc9ZokikAFYSL+GU bxZpgib3DlSXbphNq79oZm39DEBjk/xViIPgQMgcJuHHIyy1A7c9EBDAzmKTW2qr Sq1NMZ398fch8fvU3gaX/iYrKC62A5M/NgBv6IThz6AX2c6DeOkY4CZhVDEzOJL9 i1iCyDErh6aoQ6YbCchEKKl17zcOpj25dqS8iD/RwfsxC3pX5CXrzytP/8rpnA7H uUx7b/m3zjVyEoWagmwDsQ0+AFApnZH2vMWpX9ttUMsuNrWJAcY= =y+5w -----END PGP SIGNATURE-----
--- End Message ---