Bug 2729 - md4.c NULL deref
Status: RESOLVED FIXED
Alias: None
Product: ioquake3
Classification: Unclassified
Component: Misc
Version: 1.33 SVN
Hardware: PC Linux
: P2 normal
Assignee: Zachary J. Slater
QA Contact: ioquake3 bugzilla mailing list
 
Reported: 2006-05-31 18:31 EDT by Lukasz Saduniowski
Modified: 2007-05-21 11:26:45 EDT

Description Lukasz Saduniowski 2006-05-31 18:31:08 EDT
version: today's svn

I made pak0.pk3 with one empty file and got a segfault. gdb showed that in:

md4.c:162
mdfour_update() calls mdfour_tail(), which uses the uninitialized 'm';
'm' is initialized on the line below the call.
I believe it would be best to remove that assigning global pointer to var in stack...
Comment 1 Lukasz Saduniowski 2006-05-31 18:48:16 EDT



Program received signal SIGSEGV, Segmentation fault.
...
    137             m->totalN += n;
(gdb) bt
#0  0x000000000043bdbc in mdfour_tail (in=0x2b445002926c "", n=0)
at code/qcommon/md4.c:137
#1  0x000000000043bed0 in mdfour_update (md=0x7fffffe56880,
in=0x2b445002926c "", n=0) at code/qcommon/md4.c:162
#2  0x000000000043bfcd in mdfour (out=0x7fffffe568e0 "\234
Comment 2 Thilo Schulz 2006-05-31 20:59:56 EDT
I could not reproduce the bug at all as it generally seems to ignore 0-byte paks. But as this thing you reported very obviously cannot be right I still fixed it to make you happy :)
Comment 3 Ryan C. Gordon 2007-05-21 11:26:45 EDT
Setting a QA contact on all ioquake3 bugs, even resolved ones. Sorry if you get a flood of email from this, it should only happen once. Apologies for the inconvenience.

--ryan.
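
Added example, not part of the bug thread and not ioquake3's code: a reduced C model of the ordering defect reported above, where the tail step reads a file-scope context pointer before the update function has set it, beside a form that passes the context as a parameter. The struct, the function names and the -1 return (standing in for the fault at m->totalN += n) are assumptions made for illustration; no real MD4 rounds are computed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reduced, hypothetical hash context: byte count and number of tail steps run on it. */
struct md_ctx { uint32_t totalN; int tails; };

static struct md_ctx *m; /* file-scope "current context", NULL at start */

/* Tail step reading the global; -1 marks where an unchecked m->totalN += n would fault. */
static int tail_global(size_t n)
{
    if (m == NULL)
        return -1;
    m->totalN += (uint32_t)n;
    m->tails++;
    return 0;
}

/* Ordering from the report: the n == 0 path reaches the tail step before m is assigned. */
static int update_buggy(struct md_ctx *md, size_t n)
{
    if (n == 0)
        return tail_global(n);
    m = md;
    return tail_global(n);
}

/* Hardened form: no global, the context travels as a checked parameter. */
static int update_fixed(struct md_ctx *md, size_t n)
{
    if (md == NULL)
        return -1;
    md->totalN += (uint32_t)n;
    md->tails++;
    return 0;
}

int main(void)
{
    struct md_ctx a = {0, 0}, b = {0, 0}, c = {0, 0};
    int first = update_buggy(&a, 0);   /* -1: global still NULL */
    update_buggy(&a, 3);
    update_buggy(&b, 0);               /* lands on a through the stale global */
    int fixed = update_fixed(&c, 0);
    printf("%d a.tails=%d b.tails=%d %d c.tails=%d\n", first, a.tails, b.tails, fixed, c.tails);
    return 0;
}
```

The second empty update shows the quieter failure of the same pattern: once the global has been set by an earlier call, an empty input is accounted to the previous context instead of crashing.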