fix Bell of Opening segfault

Noticed on nethack.alt.org; the Bell of Opening could trigger a
segfault if applied near a trap door or bear trap (and a few others)
that had no monster at the trap location.  Reproducible if done
while mounted; {open,close}{fall,hold}ingtrap() would try to access
monst->mx and monst->my of a Null monst pointer if given one when
u.usteed was non-Null.

diff --git a/doc/fixes36.1 b/doc/fixes36.1
index f0986f9a2beaa52dd2082e56de49080c7ef0ca77..179ac4fee8ed7c6fa8714470082950009568fb76 100644 (file)
--- a/doc/fixes36.1
+++ b/doc/fixes36.1
@@ -368,6 +368,8 @@ add option status_updates to prevent bottom of screen status line updates
 fix achievement recording bug with mines and sokoban prizes
 g.cubes would eat globs of green slime without harm; engulf those instead
 fix up true rumor about rock moles vs boots
+Bell of Opening could trigger segfault attempting to open some types of traps
+       if hero was mounted
 
 
 Fixes to Post-3.6.0 Problems that Were Exposed Via git Repository

diff --git a/src/trap.c b/src/trap.c
index 0df86b1d7a5a8033daf838dbfcbd12267546ba5e..2c9b4e51156f9bc172bfa2dcf85dceffbf389861 100644 (file)
--- a/src/trap.c
+++ b/src/trap.c
@@ -1,4 +1,4 @@
-/* NetHack 3.6 trap.c  $NHDT-Date: 1473665044 2016/09/12 07:24:04 $  $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.274 $ */
+/* NetHack 3.6 trap.c  $NHDT-Date: 1489745987 2017/03/17 10:19:47 $  $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.277 $ */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /* NetHack may be freely redistributed.  See license for details. */
 
@@ -4420,6 +4420,8 @@ boolean *noticed; /* set to true iff hero notices the effect; */
     const char *trapdescr, *which;
     boolean ishero = (mon == &youmonst);
 
+    if (!mon)
+        return FALSE;
     if (mon == u.usteed)
         ishero = TRUE;
     t = t_at(ishero ? u.ux : mon->mx, ishero ? u.uy : mon->my);
@@ -4478,6 +4480,8 @@ boolean *noticed; /* set to true iff hero notices the effect; */
     unsigned dotrapflags;
     boolean ishero = (mon == &youmonst), result;
 
+    if (!mon)
+        return FALSE;
     if (mon == u.usteed)
         ishero = TRUE;
     t = t_at(ishero ? u.ux : mon->mx, ishero ? u.uy : mon->my);
@@ -4521,6 +4525,8 @@ boolean *noticed; /* set to true iff hero notices the effect; */
     struct trap *t;
     boolean ishero = (mon == &youmonst), result;
 
+    if (!mon)
+        return FALSE;
     if (mon == u.usteed)
         ishero = TRUE;
     t = t_at(ishero ? u.ux : mon->mx, ishero ? u.uy : mon->my);