From 124040bcb909a107ff2f955fabf967e6913f3f10 Mon Sep 17 00:00:00 2001
From: "nethack.rankin"
Date: Sun, 17 Dec 2006 06:26:08 +0000
Subject: [PATCH] multi-shot bug

Reading the comments in the previous patch, I realized that keeping the old behavior for monsters who are shooting multiple missiles was leaving an obscure but potentially serious bug. I haven't attempted to trigger it but 3.4.3 is bound to be vulnerable.
---
 doc/fixes34.4 | 2 ++
 src/mthrowu.c | 13 +++++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/doc/fixes34.4 b/doc/fixes34.4
index 6bddaaafb..01e68472e 100644
--- a/doc/fixes34.4
+++ b/doc/fixes34.4
@@ -288,6 +288,8 @@ don't give erroneous " disppears" message for hero poly'd into quantum feedback from casting spell of protection was wrong in some situations can't engrave on floor while inside solid rock, wall, or closed door remove engravings at drawbridge location when it is opened, closed, or wrecked
+monster killed in midst of multi-shot volley throwing/shooting might cause
+ freed memory to be accessed, potentially triggering a crash Platform- and/or Interface-Specific Fixes
diff --git a/src/mthrowu.c b/src/mthrowu.c
index c33a027fc..48b7af415 100644
--- a/src/mthrowu.c
+++ b/src/mthrowu.c
@@ -607,12 +607,17 @@ struct monst *mtmp;
 m_shot.n = multishot;
 for (m_shot.i = 1; m_shot.i <= m_shot.n; m_shot.i++) {
- /* this continues even if mtmp gets killed (shot kills
- adjacent gas spore and triggers explosion, perhaps)
- because they're supposed to have been shot in a rapid
- fire volley and conceptually all be in flight at once */
 m_throw(mtmp, mtmp->mx, mtmp->my, sgn(tbx), sgn(tby), distmin(mtmp->mx, mtmp->my, mtmp->mux, mtmp->muy), otmp);
+ /* conceptually all N missiles are in flight at once, but
+ if mtmp gets killed (shot kills adjacent gas spore and
+ triggers explosion, perhaps), inventory will be dropped
+ and otmp might go away via merging into another stack */
+ if (mtmp->mhp <= 0 && m_shot.i < m_shot.n) {
+ /* cancel pending shots (ought to give a message here since
+ we gave one above about throwing/shooting N missiles) */
+ break; /* endmultishot(FALSE); */
+ }
 }
 m_shot.n = m_shot.i = 0;
 m_shot.o = STRANGE_OBJECT;
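Review bot: The new guard `if (mtmp->mhp <= 0 && m_shot.i < m_shot.n)` reads `mtmp` immediately after the `m_throw()` call that may have killed it, so the fix is only sound if a dead monster's struct stays allocated until some later cleanup pass. The hunk does not show that, and if it holds the comment above the guard should say so, for example `/* mtmp itself is still allocated when dead; only otmp may be stale */`. The guard also infers a stale `otmp` from the monster's death alone, so any other way the stack could be used up or merged away while `mtmp` survives would still reach the next `m_throw(..., otmp)`. Presumably the shot count is capped by the stack quantity earlier in the function, which starts and ends outside this hunk, and that is worth confirming. The commented-out call in `break; /* endmultishot(FALSE); */` reads like dead code, so a `TODO` naming the missing message would be clearer.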