band-aid for fuzzer crash in doclassdisco()

This should prevent the unexplained situation in doclassdisco (the
back-tick command) from triggering a crash, but doesn't solve the
underlying problem.  And the new impossible() will be escalated to
panic() by the fuzzer, so will still cause it to die.

Still no idea why the class input letter 'c' ended up with value
'I', leading to 'oclass' being MAXOCLASSES and going out of array
bounds during doclassdisco()'s final loop.
PatR
2024-07-07 16:43:55 -07:00
parent fbda1183d7
commit 0447a1f107
2 changed files with 14 additions and 6 deletions

@@ -194,7 +194,7 @@ struct instance_globals_b {
#endif
/* decl.c */
int bases[MAXOCLASSES + 1];
int bases[MAXOCLASSES + 2]; /* make bases[MAXOCLASSES+1] available */
coord bhitpos; /* place where throw or zap hits or stops */
struct obj *billobjs; /* objects not yet paid for */
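
Review bot: The comment on the widened bases[MAXOCLASSES + 2] declaration names the slot that becomes available but not which code indexes it or what value it is expected to hold. The commit message ties this to doclassdisco()'s final loop running with 'oclass' equal to MAXOCLASSES, so the comment should say that, and the code that fills bases[] (not shown in this hunk) should be checked to confirm it also sets the new last element; otherwise the out-of-bounds access only turns into an access to an entry nothing has initialised. Any other place that sizes a loop or a clear of this array by MAXOCLASSES + 1 needs the same check, and a named constant for the array length would keep those in step.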