corpse_xname() fix

Potential write out of bounds, in front of the block of obufs.
Not exploitable but could conceivably trigger a crash.
PatR
2020-03-04 01:58:22 -08:00
parent cb18f60331
commit 12c2f84f64
2 changed files with 7 additions and 5 deletions

@@ -1,4 +1,4 @@
$NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.117 $ $NHDT-Date: 1583282760 2020/03/04 00:46:00 $
$NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.118 $ $NHDT-Date: 1583315888 2020/03/04 09:58:08 $
General Fixes and Modified Features
-----------------------------------
@@ -64,6 +64,8 @@ randomly choosing role could lead to crash via segfault
if eel bite attack caused hero to move (killed + rehumanized + crawled out
of water), its grab attack could succeed even if no longer adjacent
invalid status highlight color could be maliciously used to corrupt memory
formatting corpse names used internal buffers differently from formatting
other objects and could potentially clobber memory
Fixes to 3.7.0-x Problems that Were Exposed Via git Repository

@@ -1,4 +1,4 @@
/* NetHack 3.7 objnam.c $NHDT-Date: 1580070220 2020/01/26 20:23:40 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.291 $ */
/* NetHack 3.7 objnam.c $NHDT-Date: 1583315888 2020/03/04 09:58:08 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.293 $ */
/* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
/*-Copyright (c) Robert Patrick Rankin, 2011. */
/* NetHack may be freely redistributed. See license for details. */
@@ -1374,7 +1374,8 @@ struct obj *otmp;
const char *adjective;
unsigned cxn_flags; /* bitmask of CXN_xxx values */
{
char *nambuf = nextobuf();
/* some callers [aobjnam()] rely on prefix area that xname() sets aside */
char *nambuf = nextobuf() + PREFIX;
int omndx = otmp->corpsenm;
boolean ignore_quan = (cxn_flags & CXN_SINGULAR) != 0,
/* suppress "the" from "the unique monster corpse" */
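Review bot: The `nextobuf() + PREFIX` initializer in corpse_xname() leaves nambuf with PREFIX fewer usable bytes than a full obuf, and nothing visible in this hunk shows the later writes into nambuf being limited to match. Please confirm that any length limits applied further down in the function account for the offset, so the fix for the underrun in front of the buffer does not become an overrun at its end. The new comment would also be clearer if it said that callers such as aobjnam() write into the space in front of the returned pointer, since per the commit message that is what turns the missing prefix area into an out-of-bounds write.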
@@ -1525,8 +1526,7 @@ struct obj *obj;
/* format the object */
if (obj->otyp == CORPSE) {
buf = nextobuf();
Strcpy(buf, corpse_xname(obj, (const char *) 0, CXN_NORMAL));
buf = corpse_xname(obj, (const char *) 0, CXN_NORMAL);
} else if (obj->otyp == SLIME_MOLD) {
/* concession to "most unique deaths competition" in the annual
devnull tournament, suppress player supplied fruit names because
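Review bot: In the CORPSE branch, `buf = corpse_xname(obj, (const char *) 0, CXN_NORMAL);` now depends on corpse_xname() returning a pointer that already has the prefix area in front of it, but nothing at this call site records that dependency. A short comment here, matching the one added next to `nextobuf() + PREFIX`, would keep a later change to corpse_xname() from silently reintroducing the write in front of the obufs. It is also worth checking the rest of this function for code that assumes buf is the start of an obuf, since after this change it no longer is for corpses.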