Text only | Text with Images

The International Simutrans Forum

Development => Patches & Projects => Incorporated Patches and Solved Bug Reports => Topic started by: z9999+ on December 23, 2009, 03:10:13 pm

Title: simconvoi.cc: Too small buffer size may cause crashing
Post by: z9999+ on December 23, 2009, 03:10:13 pm
This was reported in japanese community.
If convoi name is too long, it will cause crashing when the convoi entered a depot.

I searched other buffer size of add_message(). In other places, it is at least 256 bytes.
This is the only one which using 128 bytes buffer, and if convoi name is too long, it will cause crashing.
(Japanese character needs 3 bytes for each.)

simconvoi.cc:1074-
Quote
      // ok, we are entering a depot
      char buf[128];

      // we still book the money for the trip; however, the frieght will be lost
      calc_gewinn();

      akt_speed = 0;
      sprintf(buf, translator::translate("!1_DEPOT_REACHED"), get_name());
      welt->get_message()->add_message(buf, v->get_pos().get_2d(),message_t::convoi, PLAYER_FLAG|get_besitzer()->get_player_nr(), IMG_LEER);
Title: Re: simconvoi.cc: Too small buffer size may cause crashing
Post by: prissi on December 23, 2009, 10:08:25 pm
cbuffer_t will be anyway the better solution. Thank you.
Title: Re: simconvoi.cc: Too small buffer size may cause crashing
Post by: Isaac Eiland-Hall on December 24, 2009, 04:45:57 am
I'm sorry to spam up the report - but I just gotta say: >128char convoi name?!?! Wow!
Title: Re: simconvoi.cc: Too small buffer size may cause crashing
Post by: DirrrtyDirk on December 24, 2009, 01:21:10 pm
actually 128 byte - and:
Quote from: z9999+ – on
(Japanese character needs 3 bytes for each.)

But still... I thought in Japanese, names and words need fewer characters than in English or other Western languages... (e.g. "Shin-Ōsaka Station" = 新大阪駅 ) 18 in English and 4(x3=12) in Japanese... yep, needing more than 128 bytes is still impressive to me.  ;)
Title: Re: simconvoi.cc: Too small buffer size may cause crashing
Post by: prissi on December 24, 2009, 10:48:10 pm
The default name of a convoi is the first engine. Thus some long names may happen. Anyway, for netowrk mode which could ultimatively result in exploits due to buffer overruns detecting such bugs is very good.
Title: Re: simconvoi.cc: Too small buffer size may cause crashing
Post by: Ters on December 25, 2009, 11:52:12 am
I guess this is why the message I get when a convoy enters a depot looks messed up now. Since sprintf is not used anymore, all the translations have to be rewritten. Alternatively allocate a buffer that is the size of the message and the name and then sprintf into that, but sprintf is a dangerous function.
Title: Re: simconvoi.cc: Too small buffer size may cause crashing
Post by: prissi on December 25, 2009, 10:24:42 pm
Ups, sorry, will be corrected.
Text only | Text with Images