Two files: bad.pk3 and good.pk3.
Both contain a KEYCONF lump with alias "alias1".
In good.pk3, alias1 has length of 4089. good.pk3 is loaded without problems.
In bad.pk3, alias1 has length of 4090. GZDoom crashes on loading bad.pk3:
`--> gzdoom -iwad doom/DOOM2.WAD -glversion 3 -file ~/tmp/keyconf/bad.pk3
GZDoom g3.2.5 - 2018-01-03 23:41:06 -0500 - SDL version
Compiled on Jan 4 2018
M_LoadDefaults: Load system defaults.
W_Init: Init WADfiles.
adding /opt/gzdoom/gzdoom.pk3, 671 lumps
adding /opt/gzdoom/zd_extra.pk3, 135 lumps
adding ./doom/DOOM2.WAD, 2919 lumps
adding /home/allkromm/tmp/keyconf/bad.pk3, 1 lumps
I_Init: Setting up machine state.
CPU Vendor ID: AuthenticAMD
Name: AMD A6-4400M APU with Radeon(tm) HD Graphics
Family 21 (21), Model 16, Stepping 1
Features: SSE2 SSE3 SSSE3 SSE4.1 SSE4.2
I_InitSound: Initializing OpenAL
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for 4294967295, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for 4294967295, skipping unlock
Opened device Built-in Audio Analog Stereo
EFX enabled
V_Init: allocate screen.
S_Init: Setting up sound.
ST_Init: Init startup screen.
Checking cmd-line parameters...
S_InitData: Load sound definitions.
G_ParseMapInfo: Load map definitions.
Texman.Init: Init texture manager.
ParseTeamInfo: Load team definitions.
LoadActors: Load actor definitions.
script parsing took 252.53 ms
*** Fatal Error ***
Address not mapped to object (signal 11)
Address: 0x5574b6002269
Generating gzdoom-crash.log and killing process 3797, please wait... 29 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory.
sh: 1: gxmessage: not found
[1] 3797 killed gzdoom -iwad doom/DOOM2.WAD -glversion 3 -file ~/tmp/keyconf/bad.pk3
No message about problem source is seen, so user who created such an alias has to understand by himself that the problem is in alias length.
You can see that good.pk3:KEYCONF contains more text than bad.pk3, so the problem is not KEYCONF size, but the size of alias.
I see several possible solutions:
crash with message about too big alias
ignore too big aliases with a warning
Re: Crash with alias in KEYCONF that is > 4090
Posted: Sat Mar 03, 2018 1:40 am
by Graf Zahl
The KEYCONF parser uses a fixed size buffer of 4096 bytes. Congratulations, you are the first person to exceed it!
Re: Crash with alias in KEYCONF that is > 4090
Posted: Sat Mar 03, 2018 2:00 am
by _mental_
It's fairly easy to support arbitrary line lengths in KEYCONF, at cost of heap allocation(s) of course.
Usefulness of this is questionable but crash will be fixed as a side effect.
Re: Crash with alias in KEYCONF that is > 4090
Posted: Sat Mar 03, 2018 2:09 am
by m8f
About usefulness - there would be no need to write long aliases if wait commands were serialized (described here).
If commands with 'wait' could be aliased safely, it would be sufficient just to issue a warning on too long lines (warning would ask to divide line to aliases), and then ignore long lines. And there would be no need to support arbitrary lengths.
Re: Crash with alias in KEYCONF that is > 4090
Posted: Sat Mar 03, 2018 2:11 am
by Graf Zahl
Fixing the buffer overflow is a lot simpler than redesigning the entire system, though.