
When a cartridge exceeds the 65536 code size limit, PICO-8 0.1.10c crashes instantly when loading the .p8. It looks like an unchecked strcat() call that overflows past the allocated string size. Here is the Linux backtrace:

==4197== Invalid write of size 1
==4197==    at 0x4C2EA80: strcat
==4197==    by 0x4A74D3: codo_load_pico8_cart_from_file (in /home/sam/pico-8/pico8)
==4197==    by 0x4A753F: codo_load_pico8_cart (in /home/sam/pico-8/pico8)
==4197==    by 0x40B9F1: load_cart (in /home/sam/pico-8/pico8)
==4197==    by 0x4086B9: move_boot (in /home/sam/pico-8/pico8)
==4197==    by 0x409E86: codo_main_update (in /home/sam/pico-8/pico8)
==4197==    by 0x45EE76: codo_main (in /home/sam/pico-8/pico8)
==4197==    by 0x57852B0: (below main) (libc-start.c:291)
P#39882 2017-04-23 18:50 ( Edited 2017-04-24 15:51)
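As an added example, not code from this thread or from PICO-8 itself: a hypothetical reconstruction in C of the bug shape reported above (an unchecked strcat() appending cart code into a fixed-size buffer) next to a bounded version that refuses any line that would push the code past the limit. The loader, buffer layout, the function names append_unchecked / append_checked / load_constructed_cart and the constructed "x=1" cart lines are all assumptions; the 65536 figure is the code size limit named in the post.

```c
#include <stdio.h>
#include <string.h>

/* Code size limit as stated in the post. The real buffer size inside
   PICO-8 is not known here; this reconstruction simply assumes a buffer
   of CODE_LIMIT bytes plus one for the terminating NUL. */
#define CODE_LIMIT 65536

/* Vulnerable shape: strcat() with no room check. Works as long as the
   accumulated code stays under the buffer size and writes past the end
   of `code` otherwise (exactly the "Invalid write of size 1" Valgrind
   reports in the thread). Only ever called with in-bounds input below. */
void append_unchecked(char *code, const char *line)
{
    strcat(code, line);
    strcat(code, "\n");
}

/* Hardened form: track the current length, know the capacity, and refuse
   an append that would not fit (line + '\n' + NUL). Returns 0 on success,
   -1 when the cart exceeds the limit. Uses memcpy so no call walks the
   buffer looking for a NUL it may never find. */
int append_checked(char *code, size_t cap, size_t *len, const char *line)
{
    size_t need = strlen(line) + 1;          /* line bytes plus newline */
    if (*len >= cap || need > cap - 1 - *len) /* keep one byte for NUL */
        return -1;
    memcpy(code + *len, line, need - 1);
    code[*len + need - 1] = '\n';
    *len += need;
    code[*len] = '\0';
    return 0;
}

/* Simulated loader over a constructed cart: `nlines` copies of the line
   "x=1" (4 bytes each with its newline). Returns the total code size in
   bytes, or -1 if the cart is over the limit and must be rejected instead
   of overflowing the buffer. */
long load_constructed_cart(size_t nlines)
{
    static char code[CODE_LIMIT + 1];        /* assumed buffer: limit + NUL */
    size_t len = 0;
    code[0] = '\0';
    for (size_t i = 0; i < nlines; i++) {
        if (append_checked(code, sizeof code, &len, "x=1") != 0)
            return -1;
    }
    return (long)len;
}

int main(void)
{
    /* The unchecked form behaves while the input fits... */
    char small[16];
    small[0] = '\0';
    append_unchecked(small, "x=1");
    printf("unchecked, in bounds: %s", small);

    /* ...the checked loader makes the over-limit case an error, not UB. */
    printf("16384 lines -> %ld bytes\n", load_constructed_cart(16384));
    printf("16385 lines -> %ld (rejected)\n", load_constructed_cart(16385));
    return 0;
}
```

The point of the checked version is that the limit check happens before the write, using a length the loader maintains itself rather than one strcat() rediscovers by scanning. Run under Valgrind, the unchecked form fed an oversize cart produces the same kind of "Invalid write of size 1 at strcat" trace shown above; the checked form returns -1 and leaves the buffer intact.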

I believe I had this crash quite often recently, when I was dancing around this size limit. But on Windows/Mac, I don't believe I saw the error stack (perhaps I wasn't looking in the right place!)

P#39888 2017-04-24 00:16 ( Edited 2017-04-24 04:16)

Yes, it does crash on Windows too. Anyway, you shouldn't have a cartridge over the code limit... that's like cheating ;)

P#39893 2017-04-24 03:55 ( Edited 2017-04-24 07:56)

@JustBurner that’s correct; but a good reason for fixing this is that someone may distribute a cartridge that somehow exploits the buffer overflow and executes arbitrary code on other people’s computers.

P#39894 2017-04-24 05:34 ( Edited 2017-04-24 09:34)

Thanks, fixed for 0.1.11.

P#39903 2017-04-24 11:51 ( Edited 2017-04-24 15:51)

