Bug#969293: uci2wb: Long option strings are handled incorrectly due to insufficient buffer size

Sun, 30 Aug 2020 13:33:37 -0700 

Package: uci2wb
Version: 4.1+git200714-1
Severity: normal
X-Debbugs-Cc: Asher Gordon <asd...@posteo.net>

Dear Maintainer,

When a very long UCI option string is encountered by uci2wb, such as the
UCI_Variant option for engines with many variants like Multi-Variant
Stockfish or Fairy-Stockfish, it overflows the 'val' buffer, causing the
option to be handled incorrectly (at least when compiled with
optimization). The easy fix is to simply increase the buffer size as
below:

diff -ur a/UCI2WB.c b/UCI2WB.c
--- a/UCI2WB.c	2020-07-14 08:03:26.000000000 -0400
+++ b/UCI2WB.c	2020-08-30 16:17:06.311188760 -0400
@@ -331,7 +331,7 @@
 	    }
 	}
 	else if(!strcmp(command, "option")) { // USI option: extract data fields
-	    char name[80], type[80], buf[1024], val[256], *q;
+	    char name[80], type[80], buf[1024], val[1024], *q;
 	    int min=0, max=1e9; *val = 0;
 	    if(p = strstr(line+6, " type ")) sscanf(p+1, "type %s", type), *p = '\n';
 	    if(p = strstr(line+6, " min "))  sscanf(p+1, "min %d", &min), *p = '\n';

Of course, this is hardly perfect, but a better solution would require a
lot more work.

Incidentally, I think the following quote may be relevant for uci2wb:

    On the subject of C program indentation:
            "In My Egotistical Opinion, most people's C programs should
            be indented six feet downward and covered with dirt."
                    -- Blair P. Houghton

Thanks,
Asher

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uci2wb depends on:
ii  libc6  2.31-3

Versions of packages uci2wb recommends:
ii  eboard             1.1.3-0.3
pn  gpsshogi | eleeye  <none>
ii  xboard             4.9.1-2

uci2wb suggests no packages.

-- no debconf information

-- 
One picture is worth 128K words.
                               --------
I prefer to send and receive mail encrypted. Please send me your
public key, and if you do not have my public key, please let me
know. Thanks.

GPG fingerprint: 38F3 975C D173 4037 B397  8095 D4C9 C4FC 5460 8E68

Attachment: signature.asc
Description: PGP signature

Reply via email to