Subject: pkg/7160: xdoom segfaults during initialization
To: None <gnats-bugs@gnats.netbsd.org>
From: John F. Woods <jfw@jfwhome.funhouse.com>
List: netbsd-bugs
Date: 03/14/1999 18:55:35
>Number: 7160
>Category: pkg
>Synopsis: xdoom segfaults during initialization
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 14 16:05:00 1999
>Last-Modified:
>Originator: John F. Woods
>Organization:
Misanthropes-R-Us
>Release: current as of March 8
>Environment:
System: NetBSD jfwhome.funhouse.com 1.3I NetBSD 1.3I (JFWNEW) #9: Wed Feb 3 08:45:40 EST 1999 root@jfwhome.funhouse.com:/usr/src/sys/arch/i386/compile/JFWNEW i386
>Description:
$ xdoom
DOOM Shareware Startup v1.10
V_Init: allocate screens.
M_LoadDefaults: Load system defaults.
Z_Init: Init zone memory allocation daemon.
W_Init: Init WADfiles.
adding /usr/X11R6/share/doom/doom1.wad
===========================================================================
Shareware!
===========================================================================
M_Init: Init miscellaneous info.
R_Init: Init DOOM refresh daemon - [.. ]
InitTextures
InitFlats........
InitSprites
InitColormaps
R_InitData
R_InitPointToAngle
R_InitTables
R_InitPlanes
R_InitLightTables
R_InitSkyMap
R_InitTranslationsTables
P_Init: Init Playloop state.
Memory fault (core dumped)
>How-To-Repeat:
Run it.
>Fix:
#0 0x347b8 in R_InitSpriteDefs (namelist=0x62c0c) at r_things.c:213
213 intname = *(int *)namelist[i];
(gdb) print namelist
$1 = (char **) 0x62c0c
(gdb) print i
$2 = 138
(gdb) print namelist[0]
$3 = 0x41804 "TROO"
(gdb) print namelist[138]
$4 = 0x90909090 <Address 0x90909090 out of bounds>
When I RTFS, I discover that R_InitSpriteDefs says it takes a NULL-terminated
array of char pointers. The array it is passed, sprnames, is NOT a NULL-
terminated array of char pointers -- unless one applies this patch:
*** info.h.orig Sun Mar 14 17:14:18 1999
--- info.h Sun Mar 14 17:14:46 1999
***************
*** 1156,1162 ****
} state_t;
extern state_t states[NUMSTATES];
! extern char *sprnames[NUMSPRITES];
--- 1156,1163 ----
} state_t;
extern state_t states[NUMSTATES];
! /* R_InitSpriteDefs insists on a NULL terminated list, add one for NULL. (jfw) */
! extern char *sprnames[NUMSPRITES+1];
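Review bot: the new comment on `extern char *sprnames[NUMSPRITES+1];` says "add one for NULL" but does not state the invariant a future editor has to keep: the final element must always be the NULL terminator, so anyone appending a sprite name must grow NUMSPRITES and leave the sentinel last, or the overread at r_things.c:213 (`namelist[138]` in the backtrace) comes straight back. Suggest wording it as "the last element must stay NULL; R_InitSpriteDefs walks the list until it finds one".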
*** info.c.orig Sun Mar 14 17:11:53 1999
--- info.c Sun Mar 14 17:12:02 1999
***************
*** 37,43 ****
#include "p_mobj.h"
! char *sprnames[NUMSPRITES] = {
"TROO","SHTG","PUNG","PISG","PISF","SHTF","SHT2","CHGG","CHGF","MISG",
"MISF","SAWG","PLSG","PLSF","BFGG","BFGF","BLUD","PUFF","BAL1","BAL2",
"PLSS","PLSE","MISL","BFS1","BFE1","BFE2","TFOG","IFOG","PLAY","POSS",
--- 37,43 ----
#include "p_mobj.h"
! char *sprnames[NUMSPRITES+1] = {
"TROO","SHTG","PUNG","PISG","PISF","SHTF","SHT2","CHGG","CHGF","MISG",
"MISF","SAWG","PLSG","PLSF","BFGG","BFGF","BLUD","PUFF","BAL1","BAL2",
"PLSS","PLSE","MISL","BFS1","BFE1","BFE2","TFOG","IFOG","PLAY","POSS",
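Review bot: widening the definition to `char *sprnames[NUMSPRITES+1]` here already terminates the table on its own, because C zero-fills the initializer slot that is not named, so the explicit `0` added in the next hunk is documentation rather than a behavioural change; keep both, but note that this hunk must land together with the info.h hunk, otherwise the header declaration and this definition disagree on the array size.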
***************
*** 51,57 ****
"POL3","POL1","POL6","GOR2","GOR3","GOR4","GOR5","SMIT","COL1","COL2",
"COL3","COL4","CAND","CBRA","COL6","TRE1","TRE2","ELEC","CEYE","FSKU",
"COL5","TBLU","TGRN","TRED","SMBT","SMGT","SMRT","HDB1","HDB2","HDB3",
! "HDB4","HDB5","HDB6","POB1","POB2","BRS1","TLMP","TLP2"
};
--- 51,57 ----
"POL3","POL1","POL6","GOR2","GOR3","GOR4","GOR5","SMIT","COL1","COL2",
"COL3","COL4","CAND","CBRA","COL6","TRE1","TRE2","ELEC","CEYE","FSKU",
"COL5","TBLU","TGRN","TRED","SMBT","SMGT","SMRT","HDB1","HDB2","HDB3",
! "HDB4","HDB5","HDB6","POB1","POB2","BRS1","TLMP","TLP2", 0
};
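Review bot: the terminator is written as a bare `0` after `"TLP2"`; since the array holds `char *`, `NULL` would make the sentinel self-documenting and match the "NULL terminated list" wording in the info.h comment. The patch also fixes only the data side of the contract: `R_InitSpriteDefs` still walks `namelist` until it finds a NULL, so bounding that loop by `NUMSPRITES` as well would stop the out-of-bounds read even if a later edit to the table drops the sentinel again.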
>Audit-Trail:
>Unformatted:
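To make the failure mode behind this report concrete, here is an added C example (not part of the bug report or of the xdoom sources) that contrasts the sentinel-only walk R_InitSpriteDefs performs with a bounded walk and a startup check of the sentinel. NUMSPRITES is shrunk to a constructed 8, the table holds the first eight names from the report, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-in for Doom's NUMSPRITES (the real table has 138 names);
 * the strings are the first eight entries of the sprnames table in the report. */
#define NUMSPRITES 8

/* Patched layout: NUMSPRITES+1 slots, the last holding the NULL sentinel. */
static const char *sprnames_patched[NUMSPRITES + 1] = {
    "TROO", "SHTG", "PUNG", "PISG", "PISF", "SHTF", "SHT2", "CHGG", NULL
};
/* Unpatched layout: exactly NUMSPRITES slots and no sentinel anywhere. */
static const char *sprnames_unpatched[NUMSPRITES] = {
    "TROO", "SHTG", "PUNG", "PISG", "PISF", "SHTF", "SHT2", "CHGG"
};

/* The walk the report describes at r_things.c:213: trusts the caller to have
 * supplied a terminator. Fine on sprnames_patched; on sprnames_unpatched it
 * would read past the end, so never call it on a table you have not checked. */
size_t count_until_null(const char **namelist)
{
    size_t i = 0;
    while (namelist[i] != NULL)
        i++;
    return i;
}

/* Hardened walk: stops at the sentinel or at `slots`, whichever comes first,
 * so a missing terminator can never become an out-of-bounds read. */
size_t count_bounded(const char **namelist, size_t slots)
{
    size_t i = 0;
    while (i < slots && namelist[i] != NULL)
        i++;
    return i;
}

/* Startup contract check: a table that claims to be NULL-terminated must
 * actually hold NULL in its final slot. */
int table_is_terminated(const char **table, size_t slots)
{
    return slots > 0 && table[slots - 1] == NULL;
}

int main(void)
{
    printf("patched: %zu names, terminated=%d\n", count_bounded(sprnames_patched, NUMSPRITES + 1),
           table_is_terminated(sprnames_patched, NUMSPRITES + 1));
    printf("unpatched: %zu names, terminated=%d\n", count_bounded(sprnames_unpatched, NUMSPRITES),
           table_is_terminated(sprnames_unpatched, NUMSPRITES));
    return 0;
}
```

Both tables yield 8 names through the bounded walk, but only the patched one passes the terminator check, which is the check a loader could run before handing the table to a sentinel-driven consumer.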