Buffer overrun when asking Sulik what weapons he can use #376
This looks like a vanilla issue. kcsulik.msg has this line:

Probably never caused issues in the original because there were no buffer overrun checks :) The only place this field is used is when calling

In the original code, there's no strcpy but what appears to be an inlined custom string copy function:

Maybe just copy 8 chars? Is there anything that relies on the null terminator?
This is a duplicate of #342.
Another dupe: #316
Using the Linux x64 v1.3 release binary, I get a crash after: paying Sulik $350, asking him to join me, then asking him what weapons he can use.

It looks like the 8 char string "slk58alt" is being copied into

    char field_50[8];

using strcpy, so the string's 0-terminator overruns the buffer. The release is built with -D_FORTIFY_SOURCE=2, so this terminates the program.
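The off-by-one described in the report and the "just copy 8 chars" proposal from the comments, as an added example that is not code from this project: a strcpy of an 8-character string needs 9 bytes, so the terminator lands in whatever follows the field. The struct `proto_record`, its member `next_member`, and the helpers `strcpy_fits`, `copy_fixed_field` and `field_equals` are assumed names for illustration; the field is treated as fixed-width and not null-terminated, so readers compare with an explicit bound.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* width of the fixed, non-terminated field */

/* Hypothetical record: the 8-byte field followed by another member, as in
 * the issue, where strcpy's terminator lands one byte past field_50. */
struct proto_record {
    char field_50[FIELD_LEN];
    unsigned char next_member;  /* stands in for whatever follows field_50 */
};

/* Length of s, but never scanning more than max bytes (portable strnlen). */
static size_t bounded_len(const char *s, size_t max) {
    size_t i = 0;
    while (i < max && s[i] != '\0') i++;
    return i;
}

/* 1 if strcpy(dst, src) stays inside an n-byte field (needs strlen+1 bytes). */
int strcpy_fits(const char *src, size_t n) {
    return strlen(src) + 1 <= n;
}

/* The "just copy 8 chars" fix: copy at most n bytes, zero-pad, never write a
 * terminator past the field. Returns -1 if src was longer than n (truncated). */
int copy_fixed_field(char *dst, size_t n, const char *src) {
    size_t len = bounded_len(src, n + 1);
    memset(dst, 0, n);
    memcpy(dst, src, len < n ? len : n);
    return len > n ? -1 : 0;
}

/* Readers of the field must not assume a terminator: compare with a bound. */
int field_equals(const char *field, size_t n, const char *s) {
    return bounded_len(s, n + 1) <= n && strncmp(field, s, n) == 0;
}

/* Fill a record the bounded way and confirm the neighbouring member survives. */
int demo(void) {
    struct proto_record rec;
    rec.next_member = 0xAA;
    copy_fixed_field(rec.field_50, FIELD_LEN, "slk58alt");
    printf("strcpy would fit: %d\n", strcpy_fits("slk58alt", FIELD_LEN));
    printf("field_50 = %.*s\n", FIELD_LEN, rec.field_50);
    return rec.next_member == 0xAA;
}

int main(void) { return demo() ? 0 : 1; }
```

Any code that later prints or compares the field must use the same bound (`%.8s`, `strncmp`), since the fix deliberately leaves an 8-character value without a terminator.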