Package: openarena-server
Version: 0.8.5-2
Severity: important
Tags: upstream patch pending

When a player is killed or leaves the server before the "enemy" struct member has been set, the openarena game logic can dereference an invalid pointer and (at least when running as native code) crash.

This is most easily reproduced by running a dedicated server, joining it with a client, and leaving immediately. The departing player is counted as a suicide and the dedicated server crashes.

This can be fixed by applying an upstream patch from after the 0.8.5 release; see attached.

    Simon

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openarena depends on:
ii  libc6                     2.11.2-2          Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls           7.21.0-1          Multi-protocol file transfer libra
ii  libgl1-mesa-glx [libgl1   7.7.1-4           A free implementation of the OpenG
ii  libogg0                   1.2.0~dfsg-1      Ogg bitstream library
ii  libopenal1                1:1.12.854-2      Software implementation of the Ope
ii  libsdl1.2debian           1.2.14-6          Simple DirectMedia Layer
ii  libspeex1                 1.2~rc1-1         The Speex codec runtime library
ii  libspeexdsp1              1.2~rc1-1         The Speex extended runtime library
ii  libvorbis0a               1.3.1-1           The Vorbis General Audio Compressi
ii  libvorbisfile3            1.3.1-1           The Vorbis General Audio Compressi
ii  openarena-data            0.8.5-2           OpenArena game data
ii  openarena-server          0.8.5-3           server and game logic for the game
ii  zlib1g                    1:1.2.3.4.dfsg-3  compression library - runtime

openarena recommends no packages.

openarena suggests no packages.

-- no debconf information

From: sago007 <unknown> Date: Thu, 29 Apr 2010 16:02:53 +0000 Subject: [PATCH] Used self->enemy before it was initialized. Might have resultet in the TEAMKILL thing [This fixes a server crash when a client joins and then rapidly leaves, when using native code instead of QVMs. -smcv] Origin: upstream, oax commit:203 git-svn-id: http://oax.googlecode.com/svn/tr...@203 48ef5666-4144-11de-b6cc-f32266f7ba4a --- game/code/game/g_combat.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/game/code/game/g_combat.c b/game/code/game/g_combat.c index f2185e6..8c81284 100644 --- a/game/code/game/g_combat.c +++ b/game/code/game/g_combat.c @@ -526,7 +526,7 @@ void player_die( gentity_t *self, gentity_t *inflictor, gentity_t *attacker, int ent->s.otherEntityNum = self->s.number; ent->s.otherEntityNum2 = killer; //Sago: Hmmm... generic? Can I transmit anything I like? Like if it is a team kill? Let's try - ent->s.generic1 = OnSameTeam (self, self->enemy); + ent->s.generic1 = OnSameTeam (self, attacker); if( !((g_gametype.integer==GT_ELIMINATION || g_gametype.integer==GT_CTF_ELIMINATION) && level.time < level.roundStartTime) ) ent->r.svFlags = SVF_BROADCAST; // send to everyone (if not an elimination gametype during active warmup) else
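
Review bot: on the changed line in player_die(), attacker is passed straight to OnSameTeam() and nothing visible in this hunk checks that it is non-NULL or a client entity. The report's reproduction has the departing player counted as a suicide, so please confirm that OnSameTeam() tolerates whatever attacker is on that path, or guard the call so that ent->s.generic1 is set to 0 when attacker is not a valid client. Separately, the "//Sago: Hmmm... generic?" comment just above the changed line could be replaced with one line documenting that generic1 carries the team-kill flag for this event.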