From: nethack.rankin Date: Wed, 23 Jan 2002 07:12:58 +0000 (+0000) Subject: micro fopenp() fix X-Git-Tag: MOVE2GIT~3375 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bbf7ada0dda94a30d9f269f573412e27f66adacc;p=nethack micro fopenp() fix From a bug report. I can't test this fix, but inspection of the code shows that his suggested fix is clearly necessary. Once `bp' gets incremented, storing via `bp[BUFSZ-1]' writes beyond the bounds of `buf' and clobbers something. --- diff --git a/doc/fixes33.2 b/doc/fixes33.2 index c71af1a95..7d78288a3 100644 --- a/doc/fixes33.2 +++ b/doc/fixes33.2 @@ -428,6 +428,7 @@ win32/tty: menus can take advantage of consoles larger than 80x25 win32/tty: add support for inverse attribute micro: prevent a guaranteed impossible() if we ever have more than (COLNO - 1) levels in the game +micro: fix out of bounds memory modification for file opens via PATH msdos: placeholder tiles accepted by the thin tile builder X11: viewport scrolling could scroll the the wrong place with resized window X11: allow extra space added to map widget to be removed if widget shrinks diff --git a/sys/share/pcsys.c b/sys/share/pcsys.c index b2c9cee3a..69c30f6f6 100644 --- a/sys/share/pcsys.c +++ b/sys/share/pcsys.c @@ -1,4 +1,4 @@ -/* SCCS Id: @(#)pcsys.c 3.3 1999/12/10 */ +/* SCCS Id: @(#)pcsys.c 3.3 2002/01/22 */ /* NetHack may be freely redistributed. See license for details. */ /* @@ -451,7 +451,7 @@ const char *name, *mode; ccnt++; } (void) strncpy(bp, name, (BUFSIZ - ccnt) - 2); - bp[BUFSIZ-1] = '\0'; + bp[BUFSIZ - ccnt - 1] = '\0'; if ((fp = fopen(buf, mode))) return fp; if (*pp)