comparison arogue5/state.c @ 75:19903deed392

arogue5: fix the crash when checking prices in shops. A buffer called curpurch, which stores a description of an item in a trading post which the player might be interested in, was only 15 bytes. It was overflowing into oldrp, a room pointer, leading to segfaults. The size of curpurch has been increased to LINELEN*2, which matches the size of prbuf, which is returned by inv_name and then strcpy()'d to curpurch. As long as nothing overflows prbuf it should be safe now. NOTE that this breaks savefile compatibility.
author John "Elwin" Edwards <elwin@sdf.org>
date Wed, 05 Sep 2012 10:14:34 -0700
parents c49f7927b0fa
children 09db0cf536af
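--- a/arogue5/state.c
+++ b/arogue5/state.c
@@ -2292,11 +2292,11 @@
 rs_write_int(savef, pray_time);
 rs_write_int(savef, spell_power);
 rs_write_int(savef, turns);
 rs_write_int(savef, quest_item);
 rs_write_char(savef, nfloors);
-rs_write(savef, curpurch, 15);
+rs_write(savef, curpurch, LINELEN*2);
 rs_write_char(savef, PLAYER);
 rs_write_char(savef, take);
 rs_write(savef, prbuf, LINELEN);
 rs_write_char(savef, runch);
 rs_write(savef, whoami, LINELEN);
@@ -2418,11 +2418,11 @@
 rs_read_int(inf, &pray_time);
 rs_read_int(inf, &spell_power);
 rs_read_int(inf, &turns);
 rs_read_int(inf, &quest_item);
 rs_read_char(inf, &nfloors);
-rs_read(inf, &curpurch, 15);
+rs_read(inf, &curpurch, LINELEN*2);
 rs_read_char(inf, &PLAYER);
 rs_read_char(inf, &take);
 rs_read(inf, &prbuf, LINELEN);
 rs_read_char(inf, &runch);
 rs_read(inf, &whoami, LINELEN);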
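Review bot: The read at new line 2423 trusts the savefile to supply a terminated string: `rs_read(inf, &curpurch, LINELEN*2)` fills the whole buffer from the file and nothing visible here forces a NUL into the last byte, so a truncated or edited savefile could leave curpurch unterminated for later string handling. Consider following the read with `curpurch[LINELEN*2 - 1] = '\0';`. The length is also written out as a literal expression in both the write (2297) and the read; if curpurch is declared as an array visible in this file, `sizeof(curpurch)` would keep both calls tied to the declaration. Because the field width changes, a savefile written before this revision will be misparsed from this field onward unless a format-version check elsewhere rejects it; no such check is visible in these hunks. Both enclosing functions start and end outside the hunks.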