comparison arogue5/state.c @ 75:19903deed392
arogue5: fix the crash when checking prices in shops.
A buffer called curpurch, which stores a description of an item in a
trading post which the player might be interested in, was only 15
bytes. It was overflowing into oldrp, a room pointer, leading to
segfaults. The size of curpurch has been increased to LINELEN*2,
which matches the size of prbuf, which is returned by inv_name and
then strcpy()'d to curpurch. As long as nothing overflows prbuf it
should be safe now.
NOTE that this breaks savefile compatibility.
author | John "Elwin" Edwards <elwin@sdf.org> |
---|---|
date | Wed, 05 Sep 2012 10:14:34 -0700 |
parents | c49f7927b0fa |
children | 09db0cf536af |
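
The commit message above describes an unbounded strcpy() into a 15-byte buffer that sits next to a pointer. The following is an added example, not code from the arogue5 source: a bounded copy that reports truncation instead of writing past the buffer. The struct layout, the helper name `set_purchase_name` and the item name are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OLD_PURCH_LEN 15   /* curpurch size before the fix, per the commit message */

/* Constructed stand-in for the game's state: a description buffer followed
 * by a pointer, mirroring the curpurch/oldrp adjacency described above. */
struct shop_state {
    char  curpurch[OLD_PURCH_LEN];
    void *oldrp;
};

/* Hypothetical helper: bounded replacement for strcpy(curpurch, name).
 * Returns 0 if the name fit, 1 if it was truncated, -1 on bad arguments. */
int set_purchase_name(char *dst, size_t dstlen, const char *name)
{
    int n;

    if (dst == NULL || name == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%s", name);   /* always NUL-terminates */
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dstlen ? 1 : 0;
}

/* Copies a constructed item name longer than 15 bytes into the small buffer
 * and returns 1 if the neighbouring pointer is still intact afterwards. */
int demo_pointer_intact(void)
{
    static int room;                          /* constructed stand-in for a room */
    struct shop_state st;
    const char *name = "a +1 ring of protection [unidentified]"; /* constructed */

    memset(&st, 0, sizeof st);
    st.oldrp = &room;
    if (set_purchase_name(st.curpurch, sizeof st.curpurch, name) != 1)
        return 0;                             /* truncation is the expected result */
    return st.oldrp == (void *)&room
        && strlen(st.curpurch) == sizeof st.curpurch - 1;
}

int main(void)
{
    printf("pointer intact after long name: %d\n", demo_pointer_intact());
    return 0;
}
```
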
74:0fd87c5c5fca | 75:19903deed392 |
---|---|
2292 rs_write_int(savef, pray_time); | 2292 rs_write_int(savef, pray_time); |
2293 rs_write_int(savef, spell_power); | 2293 rs_write_int(savef, spell_power); |
2294 rs_write_int(savef, turns); | 2294 rs_write_int(savef, turns); |
2295 rs_write_int(savef, quest_item); | 2295 rs_write_int(savef, quest_item); |
2296 rs_write_char(savef, nfloors); | 2296 rs_write_char(savef, nfloors); |
2297 rs_write(savef, curpurch, 15); | 2297 rs_write(savef, curpurch, LINELEN*2); |
2298 rs_write_char(savef, PLAYER); | 2298 rs_write_char(savef, PLAYER); |
2299 rs_write_char(savef, take); | 2299 rs_write_char(savef, take); |
2300 rs_write(savef, prbuf, LINELEN); | 2300 rs_write(savef, prbuf, LINELEN); |
2301 rs_write_char(savef, runch); | 2301 rs_write_char(savef, runch); |
2302 rs_write(savef, whoami, LINELEN); | 2302 rs_write(savef, whoami, LINELEN); |
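
Review bot: At line 2297 the length passed to rs_write() is the literal expression LINELEN*2, stated here separately from wherever curpurch is declared, which is the same pattern as the old 15 and can drift out of step with the buffer again. If curpurch is an array visible in this file, pass sizeof(curpurch) instead, or give the size one named constant shared by the declaration and by both the save and restore calls. The commit message says this changes the save format, and nothing in this hunk bumps or writes a format version, so it is worth adding one so that older files can be rejected rather than misread.
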
2418 rs_read_int(inf, &pray_time); | 2418 rs_read_int(inf, &pray_time); |
2419 rs_read_int(inf, &spell_power); | 2419 rs_read_int(inf, &spell_power); |
2420 rs_read_int(inf, &turns); | 2420 rs_read_int(inf, &turns); |
2421 rs_read_int(inf, &quest_item); | 2421 rs_read_int(inf, &quest_item); |
2422 rs_read_char(inf, &nfloors); | 2422 rs_read_char(inf, &nfloors); |
2423 rs_read(inf, &curpurch, 15); | 2423 rs_read(inf, &curpurch, LINELEN*2); |
2424 rs_read_char(inf, &PLAYER); | 2424 rs_read_char(inf, &PLAYER); |
2425 rs_read_char(inf, &take); | 2425 rs_read_char(inf, &take); |
2426 rs_read(inf, &prbuf, LINELEN); | 2426 rs_read(inf, &prbuf, LINELEN); |
2427 rs_read_char(inf, &runch); | 2427 rs_read_char(inf, &runch); |
2428 rs_read(inf, &whoami, LINELEN); | 2428 rs_read(inf, &whoami, LINELEN); |
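
Review bot: At line 2423 rs_read() fills curpurch with LINELEN*2 bytes taken straight from the savefile, and nothing in this hunk guarantees the result is NUL-terminated, so a truncated or edited save could leave an unterminated string for later string functions to run past. Consider setting the last byte of curpurch to '\0' right after the read. A file written by the previous revision stored only 15 bytes at this position, so every field from PLAYER onward would be read at the wrong offset unless the restore path rejects old saves before reaching this call.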