fix invalid pointer dereference in morguemon

On 3/23/2015 6:41 PM, a bug reporter wrote:
> If the game generates a graveyard, the graveyard places a normal
> demon, but all normal demons are extinct at the time, then morguemon (at
> mkroom.c line 423) indexes mons with NON_PM (the return value of
> ndemon() if it can't find a reference), which is an invalid pointer
> dereference. According to the testbench, this mostly seems to happen on
> dlvl 12.

This fixes the code violation, but the logic will now drop down to the
ghost/wraith/zombie code when that happens.

Is that desireable, or should something else happen (for variety)?

diff --git a/doc/fixes35.0 b/doc/fixes35.0
index d1cd029327ff54298d29fb67a22d1b189a7a5d83..34a6ac9b47b8637f2d00c752104c9355ec5ff4f5 100644 (file)
--- a/doc/fixes35.0
+++ b/doc/fixes35.0
@@ -880,6 +880,8 @@ message inconsistency: death message "swallowed <mon> whole" was preceded
        by "You bite into"
 improve the messaging when a monster you can't see is causing an obstruction
 add option mention_walls, which gives feedback when bumping against a wall
+fix invalid pointer dereference in morguemon if ndemon returns NON_PM
+
 
 Platform- and/or Interface-Specific Fixes
 -----------------------------------------

diff --git a/src/mkroom.c b/src/mkroom.c
index 7f94076e7f364c28ebea4466fd60e02b95bf9d51..2581ce9964d6f354cbe13e10c0e5d6578ff3a767 100644 (file)
--- a/src/mkroom.c
+++ b/src/mkroom.c
@@ -1,4 +1,4 @@
-/* NetHack 3.5 mkroom.c        $NHDT-Date$  $NHDT-Branch$:$NHDT-Revision$ */
+/* NetHack 3.5 mkroom.c        $NHDT-Date: 1427239202 2015/03/24 23:20:02 $  $NHDT-Branch: master $:$NHDT-Revision: 1.16 $ */
 /* NetHack 3.5 mkroom.c        $Date: 2012/01/10 17:47:19 $  $Revision: 1.15 $ */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /* NetHack may be freely redistributed.  See license for details. */
@@ -408,9 +408,17 @@ morguemon()
 {
        register int i = rn2(100), hd = rn2(level_difficulty());
 
-       if(hd > 10 && i < 10)
-               return((Inhell || In_endgame(&u.uz)) ? mkclass(S_DEMON,0) :
-                                                      &mons[ndemon(A_NONE)]);
+       if(hd > 10 && i < 10) {
+           if (Inhell || In_endgame(&u.uz)) {
+               return(mkclass(S_DEMON,0));
+           } else {
+               int ndemon_res = ndemon(A_NONE);
+               if (ndemon_res != NON_PM)
+                   return(&mons[ndemon_res]);
+               /* else do what? As is, it will drop to ghost/wraith/zombie */
+           }
+       }
+
        if(hd > 8 && i > 85)
                return(mkclass(S_VAMPIRE,0));