From: nhmall Date: Tue, 24 Mar 2015 23:20:14 +0000 (-0400) Subject: fix invalid pointer dereference in morguemon X-Git-Tag: NetHack-3.6.0_RC01~557 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a1cc33d6aed8cec411339736375fc231c2da9699;p=nethack fix invalid pointer dereference in morguemon On 3/23/2015 6:41 PM, a bug reporter wrote: > If the game generates a graveyard, the graveyard places a normal > demon, but all normal demons are extinct at the time, then morguemon (at > mkroom.c line 423) indexes mons with NON_PM (the return value of > ndemon() if it can't find a reference), which is an invalid pointer > dereference. According to the testbench, this mostly seems to happen on > dlvl 12. This fixes the code violation, but the logic will now drop down to the ghost/wraith/zombie code when that happens. Is that desireable, or should something else happen (for variety)? --- diff --git a/doc/fixes35.0 b/doc/fixes35.0 index d1cd02932..34a6ac9b4 100644 --- a/doc/fixes35.0 +++ b/doc/fixes35.0 @@ -880,6 +880,8 @@ message inconsistency: death message "swallowed whole" was preceded by "You bite into" improve the messaging when a monster you can't see is causing an obstruction add option mention_walls, which gives feedback when bumping against a wall +fix invalid pointer dereference in morguemon if ndemon returns NON_PM + Platform- and/or Interface-Specific Fixes ----------------------------------------- diff --git a/src/mkroom.c b/src/mkroom.c index 7f94076e7..2581ce996 100644 --- a/src/mkroom.c +++ b/src/mkroom.c @@ -1,4 +1,4 @@ -/* NetHack 3.5 mkroom.c $NHDT-Date$ $NHDT-Branch$:$NHDT-Revision$ */ +/* NetHack 3.5 mkroom.c $NHDT-Date: 1427239202 2015/03/24 23:20:02 $ $NHDT-Branch: master $:$NHDT-Revision: 1.16 $ */ /* NetHack 3.5 mkroom.c $Date: 2012/01/10 17:47:19 $ $Revision: 1.15 $ */ /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */ /* NetHack may be freely redistributed. See license for details. */ @@ -408,9 +408,17 @@ morguemon() { register int i = rn2(100), hd = rn2(level_difficulty()); - if(hd > 10 && i < 10) - return((Inhell || In_endgame(&u.uz)) ? mkclass(S_DEMON,0) : - &mons[ndemon(A_NONE)]); + if(hd > 10 && i < 10) { + if (Inhell || In_endgame(&u.uz)) { + return(mkclass(S_DEMON,0)); + } else { + int ndemon_res = ndemon(A_NONE); + if (ndemon_res != NON_PM) + return(&mons[ndemon_res]); + /* else do what? As is, it will drop to ghost/wraith/zombie */ + } + } + if(hd > 8 && i > 85) return(mkclass(S_VAMPIRE,0));