The issue is that a
char * is being casually converted to a
char array when it is passed to
strcpy.
Having absolutely nothing to do with the gcc flags that tba-2020 uses, the following code (which is an example based on the test that Castillo did above)
ought to crash!
Code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main()
{
/* creates a variable chname, which is a pointer
* to a character, and room for 6 characters (when
* the NULL terminator is accounted for) is reserved */
char *chname = "doggo";
/* creates a character array which has room for 5 characters */
char name[5];
/* will crash, because 6 characters are being
* written to an array which only has room for 5 */
strcpy(name, chname);
return 0;
}
The fact that you didn't have issues before incorporating the compiler flags
Code:
-g -O2 -Wall -Wno-char-subscripts -Wno-unused-but-set-variable
is actually the surprising part. It
should crash because it's trying to modify memory it doesn't have access to.
To respond to Thomas' thoughts:
I think the +1 fix is a hack. It would have to be done everywhere we allocate a buffer for a name.
Instead, we must limit to 19 chars, using <= instead of <. That is consistent with the buffer size.
This is true, and is to be expected! It's no less weird to implement
Code:
#define MAX_NAME_LENGTH 20
and then insist that names be no more than 19 characters long.
The solution suggested by Castillo:
Code:
/** structure for list of recent players (see 'recent' command) */
struct recent_player
{
int vnum; /* The ID number for this instance */
- char name[MAX_NAME_LENGTH]; /* The char name of the player */
+ char name[MAX_NAME_LENGTH + 1]; /* The char name of the player */
bool new_player; /* Is this a new player? */
bool copyover_player; /* Is this a player that was on during the last copyover? */
time_t time; /* login time */
char host[HOST_LENGTH+1]; /* Host IP address */
struct recent_player *next; /* Pointer to the next instance */
};
is
not a hack. In fact it is the natural choice here.
