The save/restore code took the pointer intended as an argument for the
doctor() daemon and wrote it to the savefile as an int. I don't know
why it took so long to fail horribly. The problem has been avoided by
replacing the value with &player when restoring. That seems to be the
only argument ever actually used.

The code also writes only four bytes for an unsigned long; if
sizeof(long) == 8, it casts to unsigned int first. It failed to do the
cast when reading back, with the result that four bytes were read and
the other half of the number was effectively uninitialized.
It apparently works now, but the save/restore code ought still to be
regarded as decidedly unfortunate.

Some .o files need to be rebuilt if config.h changes. Adding it to the
list of headers may still fail to solve the problem, because some of
the Makefiles use implicit rules or do not list dependencies properly.

In all games, rs_write_room_reference() stored -1 for a nonexistent
room, but rs_read_room_reference() did not check for out-of-bounds
values, leading to pointers to rooms[-1], which sometimes caused
crashes. rs_read_room_reference() has now been modified to use NULL
instead.
Some of the games required further changes to replace NULL with the
pointer to the actual room. Others are capable of handling NULL for
objects not in any room.
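The three save/restore defects above (a live pointer written as an int, an unsigned long written as four bytes but read back into all eight, and a -1 room index dereferenced without a range check) all come from the reader trusting the file to be exactly what the writer produced. The following is an added example, not code from the game, of rs_write_*/rs_read_* style helpers written so that each side agrees on the byte count, every byte of a restored value is assigned before use, a daemon argument is saved as a tag and re-resolved to &player on load, and an out-of-range room index is rejected rather than turned into rooms[-1]. MAXROOMS, the struct layouts, the in-memory savebuf and the DARG_* tags are assumptions for the example; the game's own functions and file format are not shown.

```c
#include <stddef.h>
#include <string.h>

#define MAXROOMS 9                 /* assumed; classic Rogue has nine rooms */

struct room  { int r_flags; };     /* minimal stand-ins for the game's structs */
struct thing { int t_hp; };

static struct room  rooms[MAXROOMS];   /* constructed room table */
static struct thing player;            /* constructed stand-in for the player */

/* An in-memory "savefile" so the example runs without touching disk. */
struct savebuf { unsigned char data[256]; size_t len, pos; };

static int sb_write(struct savebuf *sb, const void *p, size_t n)
{
    if (sb->len + n > sizeof sb->data) return -1;
    memcpy(sb->data + sb->len, p, n);
    sb->len += n;
    return 0;
}

static int sb_read(struct savebuf *sb, void *p, size_t n)
{
    if (sb->pos + n > sb->len) return -1;      /* truncated savefile */
    memcpy(p, sb->data + sb->pos, n);
    sb->pos += n;
    return 0;
}

/* Exactly four bytes on both sides, whatever sizeof(long) is, and every
   byte of the result assigned before use: the half-read of the unsigned
   long described in the notes cannot happen here. */
static int rs_write_ulong(struct savebuf *sb, unsigned long v)
{
    unsigned char b[4];
    if (v > 0xFFFFFFFFUL) return -1;           /* refuse to silently truncate */
    b[0] = (unsigned char)(v >> 24); b[1] = (unsigned char)(v >> 16);
    b[2] = (unsigned char)(v >> 8);  b[3] = (unsigned char)v;
    return sb_write(sb, b, sizeof b);
}

static int rs_read_ulong(struct savebuf *sb, unsigned long *out)
{
    unsigned char b[4];
    if (sb_read(sb, b, sizeof b) < 0) return -1;
    *out = ((unsigned long)b[0] << 24) | ((unsigned long)b[1] << 16)
         | ((unsigned long)b[2] << 8)  |  (unsigned long)b[3];
    return 0;
}

/* A room pointer is stored as its index into rooms[], with 0xFFFFFFFF
   (the four-byte image of -1) meaning "no room". Reading checks the
   range, so a corrupt or hostile file can never produce &rooms[-1]. */
static int rs_write_room_reference(struct savebuf *sb, const struct room *rp)
{
    return rs_write_ulong(sb, rp ? (unsigned long)(rp - rooms) : 0xFFFFFFFFUL);
}

static int rs_read_room_reference(struct savebuf *sb, struct room **out)
{
    unsigned long idx;
    if (rs_read_ulong(sb, &idx) < 0) return -1;
    if (idx == 0xFFFFFFFFUL) { *out = NULL; return 0; }
    if (idx >= MAXROOMS) return -1;            /* out of bounds: reject the file */
    *out = &rooms[idx];
    return 0;
}

/* A daemon argument is a pointer into the running process, so it is
   saved as a small tag naming what it points at and re-resolved on load;
   the raw address is never written. */
enum daemon_arg { DARG_NONE = 0, DARG_PLAYER = 1 };

static int rs_write_daemon_arg(struct savebuf *sb, const void *arg)
{
    if (arg == NULL)    return rs_write_ulong(sb, DARG_NONE);
    if (arg == &player) return rs_write_ulong(sb, DARG_PLAYER);
    return -1;                                 /* nothing else can be named */
}

static int rs_read_daemon_arg(struct savebuf *sb, void **out)
{
    unsigned long tag;
    if (rs_read_ulong(sb, &tag) < 0) return -1;
    switch (tag) {
    case DARG_NONE:   *out = NULL;    return 0;
    case DARG_PLAYER: *out = &player; return 0;
    default:          return -1;               /* unknown tag: reject the file */
    }
}
```

Every reader returns -1 on a short file, an unknown tag, or an index outside rooms[], so a damaged savefile fails the load instead of handing the game a wild pointer; the writers refuse values that would not survive the four-byte format rather than truncating them quietly.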
The spell-choosing and prayer-choosing routines, when the one-line
inventory option is set, displayed to cw instead of msgw. This caused
permanent corruption of the message line.

Some sections of code that prompt the user for a string of input were
calling get_str() with cw (the player-visible screen containing the
map), which caused whatever the player typed to get printed starting at
cw's idea of the cursor position, which was usually the Rogue's @-sign.
This corrupted the map.
The problem has been fixed by passing msgw (the message line at the top
of the screen) to get_str(), so the player's typing appears where msgw
thinks the cursor should be, which is in the sensible place right after
the prompt. Some other get_str() invocations which used hw or stdscr
have been left unmodified.
A buffer called curpurch, which stores a description of an item in a
trading post which the player might be interested in, was only 15
bytes. It was overflowing into oldrp, a room pointer, leading to
segfaults. The size of curpurch has been increased to LINELEN*2,
which matches the size of prbuf, which is returned by inv_name and
then strcpy()'d to curpurch. As long as nothing overflows prbuf it
should be safe now.

NOTE that this breaks savefile compatibility.
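Growing curpurch to the size of prbuf removes the overflow only as long as every string that reaches the strcpy() really came from prbuf. The added example below, which is not the game's code, replaces the unchecked strcpy() with a copy that verifies the destination size, so a description that does not fit is reported instead of written over the neighbouring room pointer. LINELEN is assumed to be 80 as in the classic Rogue sources, and inv_name_stub, copy_bounded, set_curpurch and fits_old_buffer are hypothetical names; fits_old_buffer exists only to show what the 15-byte buffer would have done with a realistic item description.

```c
#include <stdio.h>
#include <string.h>

#define LINELEN 80                         /* assumed value, as in classic Rogue */

static char prbuf[LINELEN * 2];            /* inv_name()'s return buffer */
static char curpurch[LINELEN * 2];         /* trading-post buffer, now prbuf-sized */

/* Constructed stand-in for inv_name(): formats a description into prbuf
   and returns prbuf, the shape the notes describe. snprintf() bounds it,
   which is the "nothing overflows prbuf" precondition made explicit. */
static char *inv_name_stub(const char *desc)
{
    snprintf(prbuf, sizeof prbuf, "%s", desc);
    return prbuf;
}

/* Bounded replacement for strcpy(): copies src into dst only if the whole
   string and its terminator fit; otherwise dst is left untouched and the
   caller is told, instead of the bytes landing in whatever follows dst. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz) return -1;             /* n == dstsz leaves no room for NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Remember the item the player is looking at in the trading post. */
static int set_curpurch(const char *desc)
{
    return copy_bounded(curpurch, sizeof curpurch, inv_name_stub(desc));
}

/* The same copy against the old 15-byte buffer: returns 1 if the
   description fits, 0 if it would have spilled past the end (into oldrp
   in the original layout). */
static int fits_old_buffer(const char *desc)
{
    char old_curpurch[15];
    return copy_bounded(old_curpurch, sizeof old_curpurch, inv_name_stub(desc)) == 0;
}
```

A forty-character description such as "a +1,+1 two handed sword (being wielded)" fits the LINELEN*2 buffer and is rejected by the 15-byte one, which is exactly the case that used to corrupt oldrp.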