Add FITSint() and FITSuint(),

which cast long long to int while panicking on overflow

diff --git a/include/extern.h b/include/extern.h
index b9a3017077d7991b98aaad11f166fa795ec74866..7e3ee500add030fa127a8a69ddfc9599a853a758 100644 (file)
--- a/include/extern.h
+++ b/include/extern.h
@@ -889,7 +889,7 @@ extern void reveal_paths(void);
 extern boolean read_tribute(const char *, const char *, int, char *, int,
                             unsigned);
 extern boolean Death_quote(char *, int);
-extern void livelog_add(long, const char *);
+extern void livelog_add(long ll_type, const char *);
 
 /* ### fountain.c ### */
 
@@ -1031,6 +1031,10 @@ extern void shuffle_int_array(int *, int);
     nh_snprintf(__func__, __LINE__, str, size, __VA_ARGS__)
 extern void nh_snprintf(const char *func, int line, char *str, size_t size,
                         const char *fmt, ...) PRINTF_F(5, 6);
+#define FITSint(x) FITSint_(x, __func__, __LINE__)
+extern int FITSint_(long long, const char *, int);
+#define FITSuint(x) FITSuint_(x, __func__, __LINE__)
+extern unsigned FITSuint_(unsigned long long, const char *, int);
 
 /* ### insight.c ### */
 

diff --git a/src/alloc.c b/src/alloc.c
index 416680c9f2028f9e614e45fb6b56379045c3e258..c4642d9ed4af9528db51a983f10c97c87183b4e8 100644 (file)
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -8,6 +8,10 @@
 /* since this file is also used in auxiliary programs, don't include all the
    function declarations for all of nethack */
 #define EXTERN_H /* comment line for pre-compiled headers */
+/* but we need this one */
+#define FITSuint(x) FITSuint_(x, __func__, __LINE__)
+extern unsigned FITSuint_(unsigned long long, const char *, int);
+
 #include "config.h"
 
 char *fmt_ptr(const genericptr);
@@ -147,7 +151,8 @@ nhdupstr(const char *string, const char *file, int line)
 char *
 dupstr(const char *string)
 {
-    return strcpy((char *) alloc(strlen(string) + 1), string);
+    unsigned len = FITSuint(strlen(string));
+    return strcpy((char *) alloc(len + 1), string);
 }
 
 /* similar for reasonable size strings, but return the length of the input as well */

diff --git a/src/botl.c b/src/botl.c
index 431d295cf814f33db8eb6703e540c7872459e38c..a7d5712855ee7a9e96e91aea34c7fc5f72784b7e 100644 (file)
--- a/src/botl.c
+++ b/src/botl.c
@@ -1039,8 +1039,7 @@ menualpha_cmp(const genericptr vptr1, const genericptr vptr2)
 int
 parse_cond_option(boolean negated, char *opts)
 {
-    int i;
-    size_t sl;
+    int i, sl;
     const char *compareto, *uniqpart, prefix[] = "cond_";
 
     if (!opts || strlen(opts) <= sizeof prefix - 1)

diff --git a/src/dlb.c b/src/dlb.c
index 642951fc55dc57f55a89274f1aedb9794bf2d07f..c52f286f9d0b73842153c7fb2fb74849a6ed2d2e 100644 (file)
--- a/src/dlb.c
+++ b/src/dlb.c
@@ -36,6 +36,10 @@ char dlbfilename[MAX_DLB_FILENAME];
 
 /* without extern.h via hack.h, these haven't been declared for us */
 extern FILE *fopen_datafile(const char *, const char *, int);
+#define FITSuint(x) FITSuint_((x), __func__, __LINE__)
+/* implementation will be in either dlb_main.c or the core */
+extern unsigned FITSuint_(unsigned long long, const char *, int);
+
 
 #ifdef DLBLIB
 /*
@@ -132,8 +136,8 @@ readlibdir(library *lp) /* library pointer to fill in */
     if (lp->rev > DLB_MAX_VERS || lp->rev < DLB_MIN_VERS)
         return FALSE;
 
-    lp->dir = (libdir *) alloc(lp->nentries * sizeof(libdir));
-    lp->sspace = (char *) alloc(lp->strsize);
+    lp->dir = (libdir *) alloc(FITSuint(lp->nentries * sizeof(libdir)));
+    lp->sspace = (char *) alloc(FITSuint(lp->strsize));
 
     /* read in each directory entry */
     for (i = 0, sp = lp->sspace; i < lp->nentries; i++) {

diff --git a/src/hacklib.c b/src/hacklib.c
index 4ed7ab8efb14054c7c1f9b85184d079517be7e0e..dd55fa0f20cd13505f5646012674567c8bd2d65b 100644 (file)
--- a/src/hacklib.c
+++ b/src/hacklib.c
@@ -1360,4 +1360,21 @@ nh_snprintf(
 
 RESTORE_WARNING_FORMAT_NONLITERAL
 
+/* cast to int or panic on overflow; use via macro */
+int
+FITSint_(lua_Integer i, const char *file, int line){
+    int ret = (int)i;
+    if (ret != i)
+        panic("Overflow at %s:%d", file, line);
+    return (int)i;
+}
+
+unsigned
+FITSuint_(unsigned long long i, const char *file, int line){
+    unsigned ret = (unsigned)i;
+    if (ret != i)
+        panic("Overflow at %s:%d", file, line);
+    return (unsigned)i;
+}
+
 /*hacklib.c*/

diff --git a/src/nhlua.c b/src/nhlua.c
index e7f813ffb5a8d46447ca4208a1e550d71e469ca1..1faef20bf7b4c01dce3ca6aa0c0d3f061c4ec3cd 100644 (file)
--- a/src/nhlua.c
+++ b/src/nhlua.c
@@ -1399,7 +1399,7 @@ nhl_loadlua(lua_State *L, const char *fname)
     dlb_fseek(fh, 0L, SEEK_SET);
 
     /* extra +1: room to add final '\n' if missing */
-    buf = bufout = (char *) alloc(buflen + 1 + 1);
+    buf = bufout = (char *) alloc(FITSint(buflen + 1 + 1));
     buf[0] = '\0';
     bufin = bufout = buf;
 
@@ -1416,7 +1416,7 @@ nhl_loadlua(lua_State *L, const char *fname)
          * in use, and fseek(SEEK_END) only yields an upper bound on
          * the actual amount of data in that situation.]
          */
-        if ((cnt = dlb_fread(bufin, 1, min(buflen, LOADCHUNKSIZE), fh)) < 0L)
+        if ((cnt = dlb_fread(bufin, 1, min((int)buflen, LOADCHUNKSIZE), fh)) < 0L)
             break;
         buflen -= cnt; /* set up for next iteration, if any */
         if (cnt == 0L) {

diff --git a/src/options.c b/src/options.c
index 8639976531b8f5885fb7c5d1ab4b5cd8cb3b3a4d..7f16db876fea1acfc0aeba85d31fc548f340a285 100644 (file)
--- a/src/options.c
+++ b/src/options.c
@@ -6697,7 +6697,6 @@ msgtype_parse_add(char *str)
 
         for (i = 0; i < SIZE(msgtype_names); i++)
             if (streq(msgtype_names[i].name, msgtype, TRUE)) {
-            //if (!strncmpi(msgtype_names[i].name, msgtype, strlen(msgtype))) {
                 typ = msgtype_names[i].msgtyp;
                 break;
             }
@@ -8468,7 +8467,8 @@ set_option_mod_status(const char *optnam, int status)
         return;
     }
     for (k = 0; allopt[k].name; k++) {
-        if (!strncmpi(allopt[k].name, optnam, strlen(optnam))) {
+        if (streq(allopt[k].name, optnam, TRUE)) {
+        //if (!strncmpi(allopt[k].name, optnam, strlen(optnam))) {
             allopt[k].setwhere = status;
             return;
         }

diff --git a/util/dlb_main.c b/util/dlb_main.c
index cb523078a1b9f91d6dccb21aeaf48a3752e3787d..204690e4f873c7ac0df96b267e8f5c820e439b54 100644 (file)
--- a/util/dlb_main.c
+++ b/util/dlb_main.c
@@ -17,6 +17,7 @@
 static void xexit(int) NORETURN;
 char *eos(char *); /* also used by dlb.c */
 FILE *fopen_datafile(const char *, const char *);
+unsigned FITSuint_(unsigned long long, const char *, int);
 
 #ifdef DLB
 #ifdef DLBLIB
@@ -543,4 +544,14 @@ xexit(int retcd)
     /*NOTREACHED*/
 }
 
+    /* In hacklib.c, but we don't have that and it calls panic() */
+unsigned
+FITSuint_(unsigned long long i, const char *file, int line){
+    unsigned ret = (unsigned)i;
+    if (ret != i) {
+        printf("Overflow at %s:%d\n", file, line);
+        xexit(EXIT_FAILURE);
+    }
+    return (unsigned)i;
+}
 /*dlb_main.c*/

diff --git a/util/makedefs.c b/util/makedefs.c
index d906262fba14bd6d888c6636c05f78d73bed85f0..29355cf6ee4a5b3ad2523d24b524a3bb077b65bd 100644 (file)
--- a/util/makedefs.c
+++ b/util/makedefs.c
@@ -171,6 +171,8 @@ static boolean use_enum = TRUE;
 extern unsigned _stklen = STKSIZ;
 #endif
 
+unsigned FITSuint_(unsigned long long, const char *, int);
+
 /*
  * Some of the routines in this source file were moved into .../src/mdlib
  * to facilitate the use of a cross-compiler generation of some of the
@@ -2349,4 +2351,14 @@ struct attribs attrmax, attrmin;
 #endif
 #endif /* STRICT_REF_DEF */
 
+/* In hacklib.c, but we don't have that and it calls panic() */
+unsigned
+FITSuint_(unsigned long long i, const char *file, int line){
+unsigned ret = (unsigned)i;
+if (ret != i) {
+    Fprintf(stdout, "Overflow at %s:%d\n", file, line);
+    makedefs_exit(EXIT_FAILURE);
+}
+return (unsigned)i;
+}
 /*makedefs.c*/