Submitted on 2020-06-26 06h42 by Snark, last changed by fluzz.
Date: 2020-06-26 06h42
This bug was reported against the Debian package but is an upstream issue:
It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.
Date: 2020-06-29 13h49
This should be fixed, indeed.
Related issues: issue951, issue952 (how come we never commented on those ones???)
But, however, if one tries to crash FDRPG with a malicious, I bet he will find thousands of ways. Do we really have to protect against intentional corruptions?
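The size check missing from the copy described in the report, as an added example; it is not part of this tracker thread and is not FDRPG code. The record layout (a 32-bit little-endian length followed by the payload), `SLOT_BYTES`, `load_data_set` and the sample images are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOT_BYTES 64u  /* hypothetical fixed size of the heap buffer */

/* Constructed sample images: [u32 little-endian length][payload]. */
static const unsigned char ok_img[]    = {3, 0, 0, 0, 'a', 'b', 'c'};
static const unsigned char big_img[]   = {0xff, 0xff, 0, 0, 'a'}; /* claims 65535 */
static const unsigned char short_img[] = {8, 0, 0, 0, 'a', 'b'};  /* claims 8, has 2 */

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy one data set into a fixed-size heap buffer (caller frees).
 * Returns NULL if the record is truncated or larger than the buffer.
 * The unchecked form would memcpy `declared` bytes with no comparison. */
unsigned char *load_data_set(const unsigned char *file, size_t file_len,
                             size_t *out_len)
{
    if (file == NULL || out_len == NULL || file_len < 4)
        return NULL;                  /* no room for the length field */
    uint32_t declared = rd_le32(file);
    if (declared > SLOT_BYTES)        /* would overflow the heap buffer */
        return NULL;
    if (declared > file_len - 4)      /* would read past the input */
        return NULL;
    unsigned char *slot = calloc(1, SLOT_BYTES);
    if (slot == NULL)
        return NULL;
    memcpy(slot, file + 4, declared);
    *out_len = declared;
    return slot;
}

int main(void)
{
    size_t n = 0;
    unsigned char *s = load_data_set(ok_img, sizeof ok_img, &n);
    printf("ok: %s, %zu bytes\n", s ? "loaded" : "rejected", n);
    free(s);
    printf("oversized: %s\n", load_data_set(big_img, sizeof big_img, &n) ? "loaded" : "rejected");
    printf("truncated: %s\n", load_data_set(short_img, sizeof short_img, &n) ? "loaded" : "rejected");
    return 0;
}
```

Both comparisons are needed: the first bounds the write into the heap buffer, the second bounds the read from the file image.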