From: Sean Hunt
Date: Sat, 21 Mar 2015 15:55:30 +0000 (-0400)
Subject: Fix use-after-frees on dipped objects.
X-Git-Tag: NetHack-3.6.0_RC01~560
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e41b3f71435a4471ba4c2baf41743d2789b676fb;p=nethack

Fix use-after-frees on dipped objects.
---
diff --git a/src/fountain.c b/src/fountain.c
index 88fb6e2a4..405fac4a3 100644
--- a/src/fountain.c
+++ b/src/fountain.c
@@ -1,4 +1,4 @@
-/* NetHack 3.5 fountain.c $NHDT-Date$ $NHDT-Branch$:$NHDT-Revision$ */
+/* NetHack 3.5 fountain.c $NHDT-Date: 1426953330 2015/03/21 15:55:30 $ $NHDT-Branch: master $:$NHDT-Revision: 1.40 $ */
 /* NetHack 3.5 fountain.c $Date: 2011/08/20 00:22:20 $ $Revision: 1.32 $ */
 /* Copyright Scott R. Turner, srt@ucla, 10/27/86 */
 /* NetHack may be freely redistributed. See license for details. */
@@ -402,12 +402,14 @@ register struct obj *obj;
 if(in_town(u.ux, u.uy))
 (void) angry_guards(FALSE);
 return;
- } else if (water_damage(obj, NULL, TRUE) != ER_NOTHING) {
- if (obj->otyp == POT_ACID) { /* Acid and water don't mix */
- useup(obj);
- return;
- } else if (!rn2(2)) /* no further effect */
- return;
+ } else {
+ int er = water_damage(obj, NULL, TRUE);
+ if (obj->otyp == POT_ACID && er != ER_DESTROYED) { /* Acid and water don't mix */
+ useup(obj);
+ return;
+ } else if (er != ER_NOTHING && !rn2(2)) { /* no further effect */
+ return;
+ }
 }

 switch (rnd(30)) {
diff --git a/src/potion.c b/src/potion.c
index 0af019181..d9e5e9ca8 100644
--- a/src/potion.c
+++ b/src/potion.c
@@ -1,4 +1,4 @@
-/* NetHack 3.5 potion.c $NHDT-Date$ $NHDT-Branch$:$NHDT-Revision$ */
+/* NetHack 3.5 potion.c $NHDT-Date: 1426953330 2015/03/21 15:55:30 $ $NHDT-Branch: master $:$NHDT-Revision: 1.99 $ */
 /* NetHack 3.5 potion.c $Date: 2013/11/05 00:57:55 $ $Revision: 1.91 $ */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /* NetHack may be freely redistributed. See license for details. */
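Review bot: In the `@@ -402,12 +402,14 @@` hunk of src/fountain.c, `obj->otyp == POT_ACID` is evaluated before `er != ER_DESTROYED`, so if ER_DESTROYED means water_damage() has already freed obj (which the commit subject suggests), the left operand still reads freed memory. In that same case the `else if` returns only when `!rn2(2)` holds, so control can otherwise fall into `switch (rnd(30))`, whose cases are outside this hunk and may touch obj; that is worth checking. Testing the result first closes both paths: put `if (er == ER_DESTROYED) return;` directly after the call, then check `obj->otyp == POT_ACID` on its own. The enclosing function begins and ends outside the hunk.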
@@ -1664,8 +1664,8 @@ dodip()
 rider_cant_reach(); /* not skilled enough to reach */
 } else {
 if (obj->otyp == POT_ACID) obj->in_use = 1;
- (void) water_damage(obj, 0, TRUE);
- if (obj->in_use) useup(obj);
+ if (water_damage(obj, 0, TRUE) != ER_DESTROYED && obj->in_use)
+ useup(obj);
 }
 return 1;
 }
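Review bot: The new condition in the dodip() hunk is only safe because of operand order: `obj->in_use` must be read after the `!= ER_DESTROYED` test, presumably because water_damage() can free obj, and nothing in the code says so. A short comment above the `if`, such as `/* obj is gone if water_damage() reports ER_DESTROYED; test that before reading obj->in_use */`, would keep a later edit from swapping the operands. The call also passes `0` as the second argument where src/fountain.c in this same commit passes `NULL`; `water_damage(obj, NULL, TRUE)` would be consistent. dodip() starts well before this hunk.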