PatR [Sat, 15 Feb 2020 22:42:00 +0000 (14:42 -0800)]
Guidebook.dat typo

A typo in Gbk-1pg-sfx.mn resulted in " /" as a "last word" on the
end-of-data marker line of the intermediate 12345 line single page.
That was effectively invisible because it immediately got deleted
during the post-processing which strips off that marker through to
the end (producing a 5266 line single page at present).

PatR [Sat, 15 Feb 2020 02:15:25 +0000 (18:15 -0800)]
Guidebook.dat, one-page edition of Guidebook.txt

Update sys/unix/Makefile.doc to be able to build Guidebook.dat, an
unpaginated copy of the plain text Guidebook. It's generated from
the 'roff source rather than by attempting to post-process the
regular text Guidebook.

PatR [Sat, 7 Mar 2020 18:47:51 +0000 (10:47 -0800)]
mon's glorkum pass harmlessly through the shade

I couldn't reproduce the problem; it appears to depend upon whether
the file-scope variable 'otmp' has a stale value, and that might
happen after a monster has tried to steal mon's saddle. However,
the code pointed out in the report is clearly wrong. This prevents
feedback of "glorkum" (with plural verb since quantity of 0 isn't 1),
but the potential stale value hasn't been dealt with.

PatR [Thu, 5 Mar 2020 21:55:45 +0000 (13:55 -0800)]
avoid #wizrumorcheck crash on bad rumor input

If either rumors.tru or rumors.fal was empty when makedefs made
'rumors', init_rumors() will set true_rumor_size to -1 to indicate
that rumors aren't available. It also closes the input file, and
then #wizrumorcheck closed that again, triggering a crash in the
dlb code.
Fortune cookies and oracles work ok (just not very interesting)
when rumors aren't available. Only the check command had trouble
with that.

PatR [Sat, 22 Feb 2020 09:41:04 +0000 (01:41 -0800)]
fix github issue #302 - divide by 0 crash

The traceback points directly to the problem: divide by 0 happens
if the 'bogusmon' file only contains the "do not edit" line, which
would happen if 'bogusmon.txt' is empty. makedefs probably ought to
complain about that.
There is now one hardcoded bogus monster to fall back to: 'bogon'.
Random tombstone epitaphs report divide by 0 if their text source is
empty, but it is done by rn2() rather than rn2_for_display_rng() so
is just a warning for pre-release code. It would crash for release
version though.
I tried placing an empty engravings file and expected similar results
but didn't see any response. Not sure what that means.
After the fix, empty epitaph file yields blank result so graves that
want a random epitaph won't have any epitaph.
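The two failure modes described in this commit (a random pick over a zero-length table, and the fallback behaviour after the fix) as an added illustration written for this page; it is not NetHack's code. `rn2_checked()` is a hypothetical stand-in for NetHack's `rn2()`, and the table contents are constructed for the example.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical stand-in for NetHack's rn2(): returns a value in 0..n-1.
 * Taking "x % n" with n == 0 is the divide-by-zero the commit describes,
 * so the guard is here rather than in every caller.
 */
static int rn2_checked(int n)
{
    if (n <= 0)
        return -1;          /* caller must treat this as "no entry" */
    return rand() % n;
}

/*
 * Pick a random entry from a table that may be empty (for example when the
 * generated data file held nothing but the "do not edit" header).  An empty
 * table yields 'fallback': a hardcoded name such as "bogon" for bogus
 * monsters, or "" for epitaphs, where a blank result means "no epitaph".
 */
const char *random_entry(const char **table, int count, const char *fallback)
{
    int idx;

    if (table == NULL || count <= 0)
        return fallback;
    idx = rn2_checked(count);
    if (idx < 0)
        return fallback;
    return table[idx];
}

/* Constructed sample table; returns 1 if a pick comes from the table. */
int demo_pick_is_member(void)
{
    static const char *sample[] = { "newt", "jackal", "grid bug" };
    const char *pick;
    int i;

    srand(1);
    pick = random_entry(sample, 3, "bogon");
    for (i = 0; i < 3; i++)
        if (strcmp(pick, sample[i]) == 0)
            return 1;
    return 0;
}
```

Keeping the guard inside the random-index helper means a future empty data file degrades to the fallback instead of a crash, which is the behaviour the commit chose for release builds.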

PatR [Thu, 16 Jan 2020 13:22:18 +0000 (05:22 -0800)]
command line triggered buffer overruns

Prevent extremely long command line arguments from overflowing local
buffers in raw_printf or config_error_add. The increased buffer
sizes they recently got to deal with long configuration file values
aren't sufficient to handle command line induced overflows.
choose_windows(core): copy and truncate the window_type argument in
case it gets passed to config_error_add().
process_options(unix): report bad values with "%.60s" so that vsprintf
will implicitly truncate when formatted by raw_printf().

Pasi Kallinen [Fri, 20 Dec 2019 13:16:12 +0000 (15:16 +0200)]
Prevent accessing outside the mons array

Fix another out-of-bounds error.
A monster trying to decide whether a tin could cure stoning, when looking
at a special or empty tin, would do acidic(&mons[-1]).

PatR [Tue, 14 Jan 2020 10:52:34 +0000 (02:52 -0800)]
fix pline.c potential buffer overruns

Fix 'Bugs 4, 5, and 6' which all use a similar fix but would have
conflicts over '#define BIGBUFSZ' if committed separately.
Format ("short explanation %s", string_argument), where the
explanation always has modest length but the string is potentially
up to 4*BUFSZ in length, into a 5*BUFSZ buffer. Then truncate the
result to at most BUFSZ-1 characters so that it can be safely passed
to interface-specific putstr() or raw_print().
Applies to pline(), raw_printf(), and config_error_add(). Also done
for impossible() although there's no evidence that its buffer could
be overflowed in a controlled manner.
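The two truncation strategies from these commits (format into a 5*BUFSZ scratch buffer then cut to BUFSZ-1, as in the pline.c fix; and a "%.60s" precision so the formatting call itself truncates, as in the unix process_options change), written as an added example for this page rather than taken from NetHack's pline.c. BUFSZ is assumed to be 256 here; the real value comes from NetHack's headers.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this example; NetHack defines BUFSZ in its own headers. */
#define BUFSZ 256
#define BIGBUFSZ (5 * BUFSZ)

/*
 * Format 'fmt' and its arguments into a BIGBUFSZ scratch buffer, then copy at
 * most BUFSZ-1 characters into 'out', always NUL-terminated.  The scratch
 * buffer covers a modest explanation plus a 4*BUFSZ argument, and vsnprintf()
 * still refuses to write past its end if that estimate is ever wrong.
 * Returns the length of the truncated result.
 */
size_t bounded_pline(char out[BUFSZ], const char *fmt, ...)
{
    char big[BIGBUFSZ];
    va_list ap;
    size_t len;

    va_start(ap, fmt);
    (void) vsnprintf(big, sizeof big, fmt, ap);
    va_end(ap);

    len = strlen(big);
    if (len > BUFSZ - 1)
        len = BUFSZ - 1;
    memcpy(out, big, len);
    out[len] = '\0';
    return len;
}

/*
 * Command-line variant: a "%.60s" precision limits the argument to 60
 * characters inside the formatting call, so no oversize scratch buffer is
 * needed and the result is known to fit in BUFSZ.
 */
size_t report_bad_value(char out[BUFSZ], const char *arg)
{
    int n = snprintf(out, BUFSZ, "Bad value: %.60s", arg);
    return (n < 0) ? 0 : (size_t) n;
}

/* Constructed 4*BUFSZ-1 character argument, the worst case the commit names. */
static void fill_long_arg(char *buf, size_t sz)
{
    memset(buf, 'A', sz - 1);
    buf[sz - 1] = '\0';
}

/* Returns the length pline-style formatting produces for the long argument. */
size_t demo_pline_len(void)
{
    char longarg[4 * BUFSZ];
    char out[BUFSZ];

    fill_long_arg(longarg, sizeof longarg);
    return bounded_pline(out, "short explanation %s", longarg);
}

/* Returns the length the precision-limited report produces. */
size_t demo_bad_value_len(void)
{
    char longarg[4 * BUFSZ];
    char out[BUFSZ];

    fill_long_arg(longarg, sizeof longarg);
    return report_bad_value(out, longarg);
}

int main(void)
{
    printf("pline-style length: %zu\n", demo_pline_len());
    printf("precision-style length: %zu\n", demo_bad_value_len());
    return 0;
}
```

The scratch-buffer approach keeps the whole formatted message available before deciding where to cut; the precision approach is cheaper but only works when the caller controls the format string and knows which argument can be long.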

PatR [Tue, 14 Jan 2020 10:05:14 +0000 (02:05 -0800)]
fix sym_val() buffer overrun

Fix 'Bug 3' where too long SYMBOL=string in run-time config file could
overflow a local buffer and clobber the stack.
Valid value is only one character long after processing an 'escaped'
encoded character which can be at most 6 characters (plus terminator):
backslash M backslash and up to three digits. If/when UTF8 gets added
the number of digits will increase. Use a truncated copy of the input
(substantially bigger than 6+1); ignore any excess.

PatR [Tue, 14 Jan 2020 03:26:53 +0000 (19:26 -0800)]
fix add_menu_coloring() buffer overrun

Fix 'Bug 2' where too long MENUCOLOR=string in run-time config file
could overflow a local buffer and clobber the stack.
Theoretically a menu coloring regular expression could require a
bigger buffer but I don't think we need to try to support that.
255 characters minus the amount needed to specify color and/or
attributes should be ample.

nhmall [Mon, 13 Jan 2020 19:54:48 +0000 (14:54 -0500)]
fix bug1

Have string_for_opt() return the value string or empty_optstr to
provide some level of crash protection if some future added option
processing misbehaves. Callers of string_for_opt() and
string_for_env_opt() should always check for a match to empty_optstr.