From 20accd4bb756cf295ffc119a4e8cca9f511d5651 Mon Sep 17 00:00:00 2001 From: PatR Date: Sat, 9 Dec 2017 00:36:19 -0800 Subject: [PATCH] fix #H6597 - genocide exploit Self-genocide (own role or race) while polymorphed sets u.uhp to -1 so that you'll be killed during rehumanization. I found a couple of places which were testing (u.uhp < 1) without checking polymorph state, and one of those was where monster movement decides whether or not to attack. This bug seems to have been present since start of the second cvs repository, so has been around for quite a long time without anybody letting on that they'd noticed. So it probably isn't a very effective exploit, although it would certainly make ascending without wearing armor become much more feasible. There are bound to be other places which examine u.uhp directly instead of '(Upolyd ? u.mh : u.uhp)' but I only checked m*.c. --- doc/fixes36.1 | 2 ++ src/mhitu.c | 9 ++++++--- src/monmove.c | 5 +++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/doc/fixes36.1 b/doc/fixes36.1 index d844df709..b8dc23143 100644 --- a/doc/fixes36.1 +++ b/doc/fixes36.1 @@ -484,6 +484,8 @@ when trying to swap places with a pet and failing due to pet being unable when trying to swap places with a pet and failing due to pet being trapped or disallowed diagonal move, the arrive-on-new-spot code (autopickup, trap triggering) executed even though hero didn't ultimately move +being "dead inside" (self-genocide while polymorphed) conferred partial + invulnerability--normal monster behavior stopped attacking hero Fixes to Post-3.6.0 Problems that Were Exposed Via git Repository diff --git a/src/mhitu.c b/src/mhitu.c index 50399899a..7d07a8782 100644 --- a/src/mhitu.c +++ b/src/mhitu.c 
@@ -1,4 +1,4 @@ -/* NetHack 3.6 mhitu.c $NHDT-Date: 1505001092 2017/09/09 23:51:32 $ $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.147 $ */ +/* NetHack 3.6 mhitu.c $NHDT-Date: 1512808564 2017/12/09 08:36:04 $ $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.148 $ */ /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */ /* NetHack may be freely redistributed. See license for details. */ @@ -1629,8 +1629,11 @@ register struct attack *mattk; dmg = 0; break; } - if (u.uhp < 1) - done_in_by(mtmp, DIED); + if ((Upolyd ? u.mh : u.uhp) < 1) { + /* already dead? call rehumanize() or done_in_by() as appropriate */ + mdamageu(mtmp, 1); + dmg = 0; + } /* Negative armor class reduces damage done instead of fully protecting * against hits. diff --git a/src/monmove.c b/src/monmove.c index 26d7e2144..9febe3fc7 100644 --- a/src/monmove.c +++ b/src/monmove.c @@ -1,4 +1,4 @@ -/* NetHack 3.6 monmove.c $NHDT-Date: 1505265968 2017/09/13 01:26:08 $ $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.93 $ */ +/* NetHack 3.6 monmove.c $NHDT-Date: 1512808567 2017/12/09 08:36:07 $ $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.95 $ */ /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */ /* NetHack may be freely redistributed. See license for details. */ @@ -617,7 +617,8 @@ toofar: */ if (!mtmp->mpeaceful || (Conflict && !resist(mtmp, RING_CLASS, 0, 0))) { - if (inrange && !noattacks(mdat) && u.uhp > 0 && !scared && tmp != 3) + if (inrange && !noattacks(mdat) + && (Upolyd ? u.mh : u.uhp) > 0 && !scared && tmp != 3) if (mattacku(mtmp)) return 1; /* monster died (e.g. exploded) */
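Review bot: in the src/mhitu.c hunk at -1629, the new block depends on a side effect of `mdamageu(mtmp, 1)` to choose between rehumanize() and done_in_by(), and the literal 1 is left unexplained. The comment states the intent but not that the 1 is a nominal damage amount passed only to trigger that choice while hit points are already below 1; the comment should say so. It should also say why `dmg = 0` is set before the negative armor class damage reduction that follows, since the old code called `done_in_by(mtmp, DIED)` directly and did not touch dmg.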
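Review bot: the test `(Upolyd ? u.mh : u.uhp) > 0` in the src/monmove.c hunk at -617 is the second open-coded copy of this expression in the patch (the other is in src/mhitu.c), and the commit message itself expects more bare u.uhp tests outside m*.c. A single macro or helper for "current hit points", used at both sites, would make the remaining places easier to find and convert consistently. Separately, the outer condition now spans two lines and guards a nested `if (mattacku(mtmp))` with no braces; bracing the outer body would make the nesting harder to misread.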