[crossfire] Client GTK2 - Buffer overflow

Karla Stenger karla.stenger at gmail.com
Sun Sep 2 20:03:28 CDT 2012


Hello,
I don't know if someone else had the same issue as I.

It seems it's somehow related to some rings.
The first time it happened I thought it could be related to a problem with
my libraries installation, but now I've tested it on another PC and it's
happening again.

To reproduce it: Step on a ring of the elements. I don't know if that is
the exact name, but it's the one that gives you +45 protection to the
elements. Someone was trying to lend me one and I was never able to pick
it up. Now it repeated with a huge pile of rings at a shop with permanent
tiles. So other rings may be involved.

OS: I'm running on Arch Linux. I don't know what libs may be involved, so
tell me what other data you may need.

Effect: the client crashes immediately. If you try to log in it happens
again, unless someone takes the ring from the spot where you were standing or
you wait long enough to pop up on your bed of reality again.

Debugging info: Here's all the output from the client when trying to
re-login on top of the rings.

karla at sidney:~$ crossfire-client-gtk2
[  INFO  ] (Client Version) GTK V2 Unix Client 1.70.0 (using gtk-v2.glade)

(crossfire-client-gtk2:14742): Gtk-WARNING **: Attempting to add a widget
with type GtkLabel to a GtkAlignment, but as a GtkBin subclass a
GtkAlignment can only contain one widget at a time; it already contains a
widget of type GtkVBox

(crossfire-client-gtk2:14742): libglade-WARNING **: unknown child property
`type' for container `GtkAlignment'
[  INFO  ] (info.c::info_get_styles) Unable to find base style info_default
- will not process most info tag styles!
[  INFO  ] (inventory.c::inventory_get_styles) Unable to find style for
inv_magical
[  INFO  ] (inventory.c::inventory_get_styles) Unable to find style for
inv_cursed
[  INFO  ] (inventory.c::inventory_get_styles) Unable to find style for
inv_unpaid
[  INFO  ] (inventory.c::inventory_get_styles) Unable to find style for
inv_locked
[  INFO  ] (inventory.c::inventory_get_styles) Unable to find style for
inv_applied
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'hp_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style 'hp_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style 'hp_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'hp_gradual_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'hp_gradual_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'hp_gradual_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'sp_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style 'sp_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style 'sp_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'sp_gradual_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'sp_gradual_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'sp_gradual_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'grace_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'grace_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'grace_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'grace_gradual_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'grace_gradual_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'grace_gradual_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'food_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style 'food_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'food_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'food_gradual_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'food_gradual_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'food_gradual_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'exp_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style 'exp_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'exp_bar_super'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'exp_gradual_bar_normal'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'exp_gradual_bar_low'
[  INFO  ] (stats.c::stats_get_styles()) Unable to find style
'exp_gradual_bar_super'
[  INFO  ] (spells.c::spell_get_styles) Unable to find style for
spell_attuned
[  INFO  ] (spells.c::spell_get_styles) Unable to find style for
spell_repelled
[  INFO  ] (spells.c::spell_get_styles) Unable to find style for
spell_denied
[  INFO  ] (spells.c::spell_get_styles) Unable to find style for
spell_normal
[  INFO  ] (gtk-v2::init_image_cache_data) Init Image Cache

(crossfire-client-gtk2:14742): GLib-GObject-CRITICAL **: g_object_unref:
assertion `G_IS_OBJECT (object)' failed

(crossfire-client-gtk2:14742): GLib-GObject-CRITICAL **: g_object_unref:
assertion `G_IS_OBJECT (object)' failed
[WARNING ] (common::VersionCmd) Differing S->C version numbers (1029,1028)
[  INFO  ] (common::VersionCmd) Playing on server type  Crossfire Server

[ DEBUG  ] (common::SetupCmd) map2cmd 1 tick 1 sound2 3 darkness 1 spellmon
1 spellmon FALSE faceset 0 facecache 1 want_pickup 1 loginmethod FALSE
newmapcmd 1
[  INFO  ] (common::SetupCmd) Got setup for a command we don't understand:
tick 1
[  INFO  ] (common::SetupCmd) Server returned FALSE for a spellmon setup
command
[  INFO  ] (common::SetupCmd) Got setup for a command we don't understand:
newmapcmd 1
[ DEBUG  ] (common::ReplyInfoCmd) Never found a space in the replyinfo
[ DEBUG  ] (common::ReplyInfoCmd) Never found a space in the replyinfo
[ DEBUG  ] (common::ReplyInfoCmd) Never found a space in the replyinfo
[ DEBUG  ] (common::SetupCmd) mapsize 25x25
[ DEBUG  ] (common::SetupCmd) faceset 0
[ DEBUG  ] (common::handle_query) Received query.  Input state now 2
[  INFO  ] (common::AddMeSuccess) addme_success received.
[ DEBUG  ] (common::AnimCmd) Received animation 198, 9 faces
[ DEBUG  ] (common::AnimCmd) Received animation 726, 6 faces
[ DEBUG  ] (common::AnimCmd) Received animation 57, 4 faces
[ DEBUG  ] (common::handle_query) Received query.  Input state now 2
[ DEBUG  ] (common::AnimCmd) Received animation 435, 3 faces
[ DEBUG  ] (common::AnimCmd) Received animation 529, 12 faces
[ DEBUG  ] (common::AnimCmd) Received animation 753, 2 faces
[ DEBUG  ] (common::AnimCmd) Received animation 719, 4 faces
[ DEBUG  ] (common::AnimCmd) Received animation 481, 5 faces
[ DEBUG  ] (common::AnimCmd) Received animation 107, 6 faces
[ DEBUG  ] (common::AnimCmd) Received animation 577, 3 faces
[ DEBUG  ] (common::AnimCmd) Received animation 381, 2 faces
[ DEBUG  ] (common::AnimCmd) Received animation 228, 2 faces
[ DEBUG  ] (common::AnimCmd) Received animation 432, 4 faces
*** buffer overflow detected ***: crossfire-client-gtk2 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x45)[0xb6cf6c25]
/lib/libc.so.6(+0xfcb3a)[0xb6cf4b3a]
/lib/libc.so.6(+0xfc208)[0xb6cf4208]
/lib/libc.so.6(_IO_default_xsputn+0x8c)[0xb6c67c6c]
/lib/libc.so.6(_IO_vfprintf+0x4515)[0xb6c3cd05]
/lib/libc.so.6(__vsprintf_chk+0xcc)[0xb6cf42dc]
/lib/libc.so.6(__sprintf_chk+0x2f)[0xb6cf41ef]
crossfire-client-gtk2[0x807699f]
crossfire-client-gtk2[0x80728b1]
crossfire-client-gtk2[0x806f219]
crossfire-client-gtk2[0x8060aa1]
/usr/lib/libgdk-x11-2.0.so.0(+0x1ceb4)[0xb726deb4]
/usr/lib/libglib-2.0.so.0(+0x8732e)[0xb712132e]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x143)[0xb70e0753]
/usr/lib/libglib-2.0.so.0(+0x46af0)[0xb70e0af0]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x7b)[0xb70e0f4b]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xaf)[0xb7433a5f]
crossfire-client-gtk2[0x8060ce7]
crossfire-client-gtk2[0x804f608]
/lib/libc.so.6(__libc_start_main+0xf5)[0xb6c113d5]
crossfire-client-gtk2[0x804f975]
======= Memory map: ========
08048000-080b0000 r-xp 00000000 08:01 967467
/usr/bin/crossfire-client-gtk2
080b0000-080b1000 r--p 00068000 08:01 967467
/usr/bin/crossfire-client-gtk2
080b1000-080b3000 rw-p 00069000 08:01 967467
/usr/bin/crossfire-client-gtk2
080b3000-08357000 rw-p 00000000 00:00 0
08a4d000-09106000 rw-p 00000000 00:00 0          [heap]
b1200000-b1221000 rw-p 00000000 00:00 0
b1221000-b1300000 ---p 00000000 00:00 0
b13ff000-b1400000 ---p 00000000 00:00 0
b1400000-b1c00000 rw-p 00000000 00:00 0
b1c00000-b1c29000 rw-p 00000000 00:00 0
b1c29000-b1d00000 ---p 00000000 00:00 0
b1d07000-b1d67000 rw-s 00000000 00:04 1966094    /SYSV00000000 (deleted)
b1d67000-b1d68000 ---p 00000000 00:00 0
b1d68000-b2598000 rw-p 00000000 00:00 0
b2598000-b25f8000 rw-s 00000000 00:04 1933331    /SYSV00000000 (deleted)
b25f8000-b25fe000 r--p 00000000 08:01 3424315
/usr/share/locale/es/LC_MESSAGES/gdk-pixbuf.mo
b25fe000-b2604000 r-xp 00000000 08:01 1638505
/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xpm.so
b2604000-b2605000 r--p 00005000 08:01 1638505
/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xpm.so
b2605000-b2606000 rw-p 00006000 08:01 1638505
/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xpm.so
b2606000-b2615000 r--p 00000000 08:01 2082342
/usr/share/fonts/cantarell/Cantarell-Regular.otf
b2615000-b2625000 r--s 00000000 08:01 4816924
/var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-le32d4.cache-3
b2625000-b262e000 r--s 00000000 08:01 4816923
/var/cache/fontconfig/a98d8961fa319a64d3cfd8640c79e62d-le32d4.cache-3
b262e000-b263b000 r--s 00000000 08:01 4816922
/var/cache/fontconfig/221fd1126b80b777db535aea535e87ba-le32d4.cache-3
b263b000-b263c000 r--s 00000000 08:01 4816919
/var/cache/fontconfig/6ba42ae0000f58711b5caaf10d690066-le32d4.cache-3
b263c000-b2647000 r--s 00000000 08:01 4816914
/var/cache/fontconfig/d62e99ef547d1d24cdb1bd22ec1a2976-le32d4.cache-3
b2647000-b2666000 r--s 00000000 08:01 4816912
/var/cache/fontconfig/f6b893a7224233d96cb72fd88691c0b4-le32d4.cache-3
b2666000-b2667000 r--s 00000000 08:01 4816911
/var/cache/fontconfig/f349e9996a5320f6dd491cedd2b1f964-le32d4.cache-3
b2667000-b26a8000 r--s 00000000 08:01 4816910
/var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-le32d4.cache-3
b26a8000-b26e9000 r--s 00000000 08:01 4816909
/var/cache/fontconfig/df311e82a1a24c41a75c2c930223552e-le32d4.cache-3
b26e9000-b5e6a000 rw-p 00000000 00:00 0
b5e6a000-b5e7b000 r-xp 00000000 08:01 582410     /usr/lib/libtdb.so.1.2.9
b5e7b000-b5e7c000 r--p 00010000 08:01 582410     /usr/lib/libtdb.so.1.2.9
b5e7c000-b5e7d000 rw-p 00011000 08:01 582410     /usr/lib/libtdb.so.1.2.9
b5e7d000-b5e83000 r-xp 00000000 08:01 978827     /usr/lib/libogg.so.0.8.0
b5e83000-b5e84000 rw-p 00005000 08:01 978827     /usr/lib/libogg.so.0.8.0
b5e84000-b5eae000 r-xp 00000000 08:01 583479     /usr/lib/libvorbis.so.0.4.6
b5eae000-b5eaf000 r--p 00029000 08:01 583479     /usr/lib/libvorbis.so.0.4.6
b5eaf000-b5eb0000 rw-p 0002a000 08:01 583479     /usr/lib/libvorbis.so.0.4.6
b5eb0000-b5ef9000 r-xp 00000000 08:01 583003     /usr/lib/libdbus-1.so.3.7.1
b5ef9000-b5efa000 r--p 00048000 08:01 583003     /usr/lib/libdbus-1.so.3.7.1
b5efa000-b5efb000 rw-p 00049000 08:01 583003     /usr/lib/libdbus-1.so.3.7.1
b5efb000-b5f1d000 r-xp 00000000 08:01 583142     /usr/lib/libatspi.so.0.0.1
b5f1d000-b5f1e000 ---p 00022000 08:01 583142     /usr/lib/libatspi.so.0.0.1
b5f1e000-b5f1f000 r--p 00022000 08:01 583142     /usr/lib/libatspi.so.0.0.1
b5f1f000-b5f20000 rw-p 00023000 08:01 583142     /usr/lib/libatspi.so.0.0.1
b5f27000-b5f30000 r-xp 00000000 08:01 583455     /usr/lib/libltdl.so.7.3.0
b5f30000-b5f31000 r--p 00008000 08:01 583455     /usr/lib/libltdl.so.7.3.0
b5f31000-b5f32000 rw-p 00009000 08:01 583455     /usr/lib/libltdl.so.7.3.0
b5f32000-b5f41000 r-xp 00000000 08:01 975259
/usr/lib/libcanberra.so.0.2.5
b5f41000-b5f42000 r--p 0000f000 08:01 975259
/usr/lib/libcanberra.so.0.2.5
b5f42000-b5f43000 rw-p 00010000 08:01 975259
/usr/lib/libcanberra.so.0.2.5
b5f43000-b5f47000 r-xp 00000000 08:01 583502
/usr/lib/libcanberra-gtk.so.0.1.8
b5f47000-b5f48000 r--p 00003000 08:01 583502
/usr/lib/libcanberra-gtk.so.0.1.8
b5f48000-b5f49000 rw-p 00004000 08:01 583502
/usr/lib/libcanberra-gtk.so.0.1.8
b5f49000-b5f72000 r-xp 00000000 08:01 1032582
/usr/lib/gtk-2.0/modules/libatk-bridge.so
b5f72000-b5f73000 r--p 00028000 08:01 1032582
/usr/lib/gtk-2.0/modules/libatk-bridge.so
b5f73000-b5f74000 rw-p 00029000 08:01 1032582
/usr/lib/gtk-2.0/modules/libatk-bridge.so
b5f74000-b5f75000 rw-p 00000000 00:00 0
b5f75000-b5fc3000 r-xp 00000000 08:01 1032202
/usr/lib/gtk-2.0/modules/libgail.so
b5fc3000-b5fc4000 r--p 0004d000 08:01 1032202
/usr/lib/gtk-2.0/modules/libgail.so
b5fc4000-b5fc5000 rw-p 0004e000 08:01 1032202
/usr/lib/gtk-2.0/modules/libgail.so
b5fc5000-b5ff4000 r-xp 00000000 08:01 1032626
/usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
b5ff4000-b5ff5000 r--p 0002f000 08:01 1032626
/usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
b5ff5000-b5ff6000 rw-p 00030000 08:01 1032626
/usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
b5ff6000-b6020000 r--p 00000000 08:01 3424374
/usr/share/locale/es/LC_MESSAGES/gtk20-properties.mo
b6020000-b602b000 r-xp 00000000 08:01 3555603    /lib/libnss_files-2.15.so
b602b000-b602c000 r--p 0000a000 08:01 3555603    /lib/libnss_files-2.15.so
b602c000-b602d000 rw-p 0000b000 08:01 3555603    /lib/libnss_files-2.15.so
b602d000-b6049000 r-xp 00000000 08:01 582835     /usr/lib/libgcc_s.so.1
b6049000-b604a000 rw-p 0001b000 08:01 582835     /usr/lib/libgcc_s.so.1
b604a000-b604f000 r-xp 00000000 08:01 3555601    /lib/libnss_dns-2.15.so
b604f000-b6050000 r--p 00004000 08:01 3555601    /lib/libnss_dns-2.15.so
b6050000-b6051000 rw-p 00005000 08:01 3555601    /lib/libnss_dns-2.15.so


Thanks!
Karla (Katia)

-- 
-------------------------
Karla  Mª  Stenger  Sábat
karla.stenger at gmail.com
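An added illustration, not part of Karla's message and not code from the Crossfire client: the backtrace above ends in __sprintf_chk followed by __fortify_fail, which is the frame pattern glibc's _FORTIFY_SOURCE produces when a compiler-instrumented sprintf() writes past the known size of its destination buffer; that runtime check is what prints "*** buffer overflow detected ***" and aborts the process. The C below shows the unsafe pattern next to a bounded replacement that reports truncation instead of overflowing. The buffer size NAME_BUF, the "%d %s" format string, the function names and the item names are all constructed for this example; what the client actually formats at the crashing call is not visible in the post.

```c
#include <stdio.h>
#include <string.h>

/* Constructed for the example: a small fixed-size destination buffer. */
#define NAME_BUF 32

/* Unsafe pattern (constructed, not the client's code; deliberately never
 * called below).  sprintf() does not know how large `out` is.  When the
 * compiler can see the size of the destination and _FORTIFY_SOURCE is on,
 * it emits __sprintf_chk instead, and an overlong `name` makes that call
 * abort through __fortify_fail, exactly the two frames in the backtrace.
 * Without the check the same write silently corrupts whatever follows
 * the buffer. */
void format_item_unsafe(char *out, const char *name, int count) {
    sprintf(out, "%d %s", count, name);
}

/* Hardened form: the write is bounded by the caller-supplied length and
 * the result is always NUL-terminated.  Returns 1 if the whole string
 * fit, 0 if it was truncated, so the caller can decide what to do
 * instead of learning about the overflow from an abort. */
int format_item_safe(char *out, size_t out_len, const char *name, int count) {
    int n = snprintf(out, out_len, "%d %s", count, name);
    return n >= 0 && (size_t)n < out_len;
}

/* Convenience wrapper: formats into a NAME_BUF-byte local buffer and
 * returns the number of characters actually stored (never more than
 * NAME_BUF - 1), which is the figure a caller would log on truncation. */
size_t formatted_length(const char *name, int count) {
    char buf[NAME_BUF];
    format_item_safe(buf, sizeof buf, name, count);
    return strlen(buf);
}

int main(void) {
    char buf[NAME_BUF];
    /* Constructed sample names: one that fits, one that does not. */
    const char *short_name = "ring of the elements";
    const char *long_name  = "a very long ring name that does not fit";

    if (format_item_safe(buf, sizeof buf, short_name, 1))
        printf("fits:      \"%s\" (%zu chars)\n", buf, strlen(buf));

    if (!format_item_safe(buf, sizeof buf, long_name, 5))
        printf("truncated: \"%s\" (%zu chars kept)\n", buf, strlen(buf));

    return 0;
}
```

The defensive point is the return value: a truncated item name is a cosmetic bug, while an unbounded sprintf() into a fixed buffer is memory corruption, and _FORTIFY_SOURCE only turns the latter into a clean abort when the destination size is visible to the compiler at the call site.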