[0.17.79] Corrupt level.dat file causes crash

[cudy789]

Hello,

I'm a university student and I've been doing some fuzz testing for a class of mine. I've been able to crash Factorio by unzipping the save.zip file, fuzzing the level.dat file inside, then re-compressing and clicking on the save file in the 'Load Game' menu. The crash occurs right when you click on the save game on the left side, not when you click the 'Load' button in the bottom right. I can replicate this issue with 2 of the 16 fuzzed save.zip files I've generated.

I've attached the log and zip files for these 2 games.

I understand this may not be a pressing issue, but I'm just putting it here so it's on your radar.

Thanks,
-CK

[boskid]

Code: Select all

Unhandled exception: memory allocation of 107374182539 bytes failed!

What would you expect to happen when loading corrupted save file? It is binary and there are some places where before sequence of records there is size field saying how many of them they are. If you corrupt size field then you will get bad allocation, not enough data or other crashes due to deserialiser misinterpreting data. Why should i even care fixing your crashes? As long as they are not allowing arbitrary code execution then i simply do not care.

[cudy789]

Sorry - I forgot to enable notifications on this thread.

I would expect an error when loading a corrupt file, not a crash. There is obviously some sort of error checking that is functional in the deserializer as not every corrupt level.dat file causes a crash. I spent 10 minutes setting up my tools to test this, imagine what a motivated adversary could do. This is an issue.

Once again, I understand that this may not be a high priority, but this is a bug. If you simply don't care enough to take this seriously, then next time I find a bug I'll be sure to keep it to myself so you won't be inconvenienced.

[boskid]

Sorry - I forgot to enable notifications on this thread.

I would expect an error when loading a corrupt file, not a crash. There is obviously some sort of error checking that is functional in the deserializer as not every corrupt level.dat file causes a crash. I spent 10 minutes setting up my tools to test this, imagine what a motivated adversary could do. This is an issue.

Once again, I understand that this may not be a high priority, but this is a bug. If you simply don't care enough to take this seriously, then next time I find a bug I'll be sure to keep it to myself so you won't be inconvenienced.

This is not a bug. One player may have 128GB of ram and would load given save file just fine while other player would run out of ram and factorio will crash on memory allocation. This is not critical system and crashing on failed allocation is enough solution that keeps code a bit easier to maintain. This particular crash also does not have too much potential of being exploited since there is not too many moving parts.