tangogps 0.9.8

Joshua Judson Rosen rozzin at geekspace.com
Wed Nov 4 05:08:29 CET 2009


"Maksim 'max_posedon' Melnikau" <maxposedon at gmail.com> writes:
>
> SHR version (mrmoku/unstable feed) segfaults for me, on try to
> download map (4 levels):
[...]
> *** timer_tile_download():
> *** timer_tile_download():
> *** timer_tile_download():
> *** timer_tile_download():
> Segmentation fault

I'm seeing a segfault on line #370 of gps_functions.c (in set_label());
it seems to coincide with the end of map-download, in at least some
configurations (I can reproduce it if I disable auto-download),
so this may be what you're seeing:

There's a buffer-overflow problem that results in the `label70'
pointer being overwritten with what's supposed to be text-data
(and ends up being a garbage pointer) because the `buffer' variable
(actually named "buffer" :)) is not always big enough to hold the text
that's being g_sprintf'd into it.

As a quick hack, you can try just making the buffer bigger, but it may
be a better solution to use g_strdup_printf() instead of g_sprintf()
(and remembering to g_free() the resulting pointer when done with
it, of course!).

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."
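
Added example, not part of the original message and not tangogps code: the measure-then-allocate pattern that g_strdup_printf() provides, written with standard C vsnprintf() as a stand-in so it builds without GLib, next to a bounded write that reports when a fixed buffer is too small. FIXED_LEN, SAMPLE_FMT, format_fixed() and format_alloc() are hypothetical names; the real buffer size and format string are not given in the post.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_LEN 32  /* assumed size; the post does not state the real one */
/* Constructed status text, not the format string used in gps_functions.c. */
#define SAMPLE_FMT "Downloaded %d of %d tiles for zoom levels %d-%d"

/* Bounded write into a fixed buffer. Returns the number of bytes the full
 * text needs (excluding the NUL). A result >= cap means an unbounded
 * sprintf-style call would have written past the end of buf and into
 * whatever is stored next to it. */
static int format_fixed(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    return need;
}

/* Allocate-to-fit formatting: measure first, then allocate need + 1 bytes.
 * The caller owns the result and must free() it (g_free() with GLib). */
static char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *out = NULL;
    if (need >= 0 && (out = malloc((size_t)need + 1)) != NULL)
        vsnprintf(out, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    char buffer[FIXED_LEN];
    int need = format_fixed(buffer, sizeof buffer, SAMPLE_FMT, 1024, 1024, 12, 15);
    printf("text needs %d bytes, buffer holds %zu: %s\n", need, sizeof buffer,
           need >= (int)sizeof buffer ? "too small" : "fits");
    char *text = format_alloc(SAMPLE_FMT, 1024, 1024, 12, 15);
    if (text) { puts(text); free(text); }
    return 0;
}
```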
