otransit_msg() fixes

Fixes #156

githib issue #156 complains that "The Excalibur falls down the stairs,"
is using poor grammar despite the fact that the usual drop message is
"You drop the +0 Excalibur."  I agree.  Change it to be "Excalibur
falls down the stairs."  (Drop message remains unchanged.)

While looking at that, I noticed that when knocking other items down
stairs, text was being appended to the formatted object name.  It was
probably safe due to the space reserved for inserting a prefix while
formatting an object's name, which becomes available for a suffix
after that name has been copied into otransit_msg()'s local buffer,
but using a separate buffer is safer.

diff --git a/doc/fixes36.2 b/doc/fixes36.2
index 47452ff970d1cd3f7e72589b3fa9cba815c6da97..96361d68af59e074500954fad42f9e93ae4ece18 100644 (file)
--- a/doc/fixes36.2
+++ b/doc/fixes36.2
@@ -189,6 +189,9 @@ fix odd wording "The boulder triggers and fills a pit"
 ^X status feedback: don't report "not wearing any armor" when wearing a shield
 attempting to #ride a long worm's tail could trigger impossible "worm_cross
        checking for non-adjacent location?"
+avoid "The " in "The <known-artifact-but-not-The-artifact> falls down stairs."
+avoid potential buffer overflow if object with very long name knocks other
+       objects down stairs when dropped, thrown, or kicked there
 
 
 Fixes to Post-3.6.1 Problems that Were Exposed Via git Repository

diff --git a/src/dokick.c b/src/dokick.c
index 1bea20ab68f4a92730dea7ac530bfdad60e70196..85d4616964a66ac392ebf42814ac513419bda1f6 100644 (file)
--- a/src/dokick.c
+++ b/src/dokick.c
@@ -1,4 +1,4 @@
-/* NetHack 3.6 dokick.c        $NHDT-Date: 1517128663 2018/01/28 08:37:43 $  $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.113 $ */
+/* NetHack 3.6 dokick.c        $NHDT-Date: 1541842623 2018/11/10 09:37:03 $  $NHDT-Branch: NetHack-3.6.2-beta01 $:$NHDT-Revision: 1.122 $ */
 /* Copyright (c) Izchak Miller, Mike Stephenson, Steve Linhart, 1989. */
 /* NetHack may be freely redistributed.  See license for details. */
 
@@ -1722,22 +1722,27 @@ register struct obj *otmp;
 register boolean nodrop;
 long num;
 {
-    char obuf[BUFSZ];
+    char *optr = 0, obuf[BUFSZ], xbuf[BUFSZ];
 
-    Sprintf(obuf, "%s%s",
-            (otmp->otyp == CORPSE && type_is_pname(&mons[otmp->corpsenm]))
-                ? ""
-                : "The ",
-            cxname(otmp));
+    if (otmp->otyp == CORPSE) {
+        /* Tobjnam() calls xname() and would yield "The corpse";
+           we want more specific "The newt corpse" or "Medusa's corpse" */
+        optr = upstart(corpse_xname(otmp, (char *) 0, CXN_PFX_THE));
+    } else {
+        optr = Tobjnam(otmp, (char *) 0);
+    }
+    Strcpy(obuf, optr);
 
     if (num) { /* means: other objects are impacted */
-        Sprintf(eos(obuf), " %s %s object%s", otense(otmp, "hit"),
-                num == 1L ? "another" : "other", num > 1L ? "s" : "");
+        /* 3.6.2: use a separate buffer for the suffix to avoid risk of
+           overrunning obuf[] (let pline() handle truncation if necessary) */
+        Sprintf(xbuf, " %s %s object%s", otense(otmp, "hit"),
+                (num == 1L) ? "another" : "other", (num > 1L) ? "s" : "");
         if (nodrop)
-            Sprintf(eos(obuf), ".");
+            Sprintf(eos(xbuf), ".");
         else
-            Sprintf(eos(obuf), " and %s %s.", otense(otmp, "fall"), gate_str);
-        pline1(obuf);
+            Sprintf(eos(xbuf), " and %s %s.", otense(otmp, "fall"), gate_str);
+        pline("%s%s", obuf, xbuf);
     } else if (!nodrop)
         pline("%s %s %s.", obuf, otense(otmp, "fall"), gate_str);
 }