exploding magic pointers

     Fix the two problems that <Someone> reported about stale pointer use
after a bag of holding has exploded.  use_container() passed the wrong
variable for quantity when calling useupf(), and doapply() had no way to
tell if the object being used had been destroyed so could use an invalid
pointer when checking for speaking artifact.  The fix for the latter is
much simpler than what <Someone> suggested.

diff --git a/doc/fixes34.4 b/doc/fixes34.4
index df686a4172d34b4d9b2a11efa068699586b48654..8e10929d0ce905b32e2bb4e1cef6e4bec2889086 100644 (file)
--- a/doc/fixes34.4
+++ b/doc/fixes34.4
@@ -85,6 +85,7 @@ monsters evading a kick on noteleport levels would cause a "teleports" message
 interrupt current activity during certain stages of petrification or vomiting
 warning about bad food didn't recognize tin of Medusa meat
 eating tainted Medusa corpse caused food poisioning instead of petrification
+avoid potential stale pointer use after magic bag explosion
 
 
 Platform- and/or Interface-Specific Fixes

diff --git a/src/apply.c b/src/apply.c
index ad61a93fd99033aa1cdf58211b52de6ee9123ea7..17312b8147dba97a0fe757735bbb5f9903fb2e61 100644 (file)
--- a/src/apply.c
+++ b/src/apply.c
@@ -1,4 +1,4 @@
-/*     SCCS Id: @(#)apply.c    3.5     2004/12/21      */
+/*     SCCS Id: @(#)apply.c    3.5     2005/01/05      */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /* NetHack may be freely redistributed.  See license for details. */
 
@@ -45,6 +45,9 @@ STATIC_DCL void FDECL(add_class, (char *, CHAR_P));
 void FDECL( amii_speaker, ( struct obj *, char *, int ) );
 #endif
 
+/* managed by use_container(pickup.c) */
+extern struct obj *current_container;
+
 static const char no_elbow_room[] = "don't have enough elbow-room to maneuver.";
 
 #ifdef TOURIST
@@ -2967,6 +2970,9 @@ doapply()
        case BAG_OF_HOLDING:
        case OILSKIN_SACK:
                res = use_container(obj, 1);
+               /* magic bag might end up being destroyed;
+                  if so, current_container will be null */
+               obj = current_container;
                break;
        case BAG_OF_TRICKS:
                bagotricks(obj);

diff --git a/src/pickup.c b/src/pickup.c
index f70f759945a92b31bc3c14c1b4ecc824aa5952f8..a6fd4c8cd3286081795f55b258b189f185369262 100644 (file)
--- a/src/pickup.c
+++ b/src/pickup.c
@@ -1,4 +1,4 @@
-/*     SCCS Id: @(#)pickup.c   3.5     2004/01/03      */
+/*     SCCS Id: @(#)pickup.c   3.5     2005/02/05      */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /* NetHack may be freely redistributed.  See license for details. */
 
@@ -56,6 +56,12 @@ STATIC_DCL void FDECL(tipcontainer, (struct obj *));
 /* if you can figure this out, give yourself a hearty pat on the back... */
 #define GOLD_CAPACITY(w,n)     (((w) * -100L) - ((n) + 50L) - 1L)
 
+/* A variable set in use_container(), to be used by the callback routines  */
+/* in_container() and out_container() from askchain() and use_container(). */
+/* Also used by doapply(apply.c).                                         */
+struct obj *current_container;
+#define Icebox (current_container->otyp == ICE_BOX)
+
 static const char moderateloadmsg[] = "You have a little trouble lifting";
 static const char nearloadmsg[] = "You have much trouble lifting";
 static const char overloadmsg[] = "You have extreme difficulty lifting";
@@ -1758,11 +1764,6 @@ mbag_explodes(obj, depthin)
     return FALSE;
 }
 
-/* A variable set in use_container(), to be used by the callback routines   */
-/* in_container(), and out_container() from askchain() and use_container(). */
-static NEARDATA struct obj *current_container;
-#define Icebox (current_container->otyp == ICE_BOX)
-
 /* Returns: -1 to stop, 1 item was inserted, 0 item was not inserted. */
 STATIC_PTR int
 in_container(obj)
@@ -1887,7 +1888,7 @@ register struct obj *obj;
                if (!floor_container)
                        useup(current_container);
                else if (obj_here(current_container, u.ux, u.uy))
-                       useupf(current_container, obj->quan);
+                       useupf(current_container, current_container->quan);
                else
                        panic("in_container:  bag not found.");