fix prompt string overflow in lift_object()

<email deleted> wrote:
> The game crashed badly when I made some experiments with items
> with very long names:
>
> You have much trouble lifting a blessed greased thoroughly rusty
> thoroughly corroded +3 plate mail named terribly long killer longer than my
> ong long-worm called long.  Continue? [ynq] (q)

  tty_yn_function(const char * 0x0012fa50,
      const char * 0x00572ddc _ynqchars, char 113) line 379 + 6 bytes
  lift_object(obj * 0x009e8970, obj * 0x00000000,
      long * 0x0012fcd0, char 0) line 1131 + 20 bytes
  pickup_object(obj * 0x009e8970, long 1, char 0) line 1258 + 19 bytes
  pickup(int 0) line 474 + 28 bytes
  dopickup() line 1853 + 11 bytes
  rhack(char * 0x005c0d50 in_line) line 1908 + 3 bytes
  moveloop() line 406 + 7 bytes
  main(int 3, char * * 0x009e2ac0) line 102
nethack.allison
2003-05-08 02:25:19 +00:00
parent 25d6335de9
commit 24f9f56006
3 changed files with 10 additions and 2 deletions

@@ -50,6 +50,7 @@ give more explicit feedback for exploding bag of holding
help display for "list of game options" misformats runmode and scroll_amount
pit created by land mine explosion doesn't start out concealed
update map display sooner when pushed boulder triggers land mine explosion
prevent fatal error from prompt string overflow in lift_object()
Platform- and/or Interface-Specific Fixes
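Review bot: the new entry "prevent fatal error from prompt string overflow in lift_object()" names an internal function, while the neighbouring entries in this list describe what the player sees ("pit created by land mine explosion doesn't start out concealed"). Consider wording it by symptom, for example that the "Continue?" prompt shown when lifting a heavy object no longer overflows when the object has a very long name, so that someone searching the list for the reported crash can find it.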

@@ -26,6 +26,7 @@ dust vortex-induced blindness should kick in immediately when blindfold
is removed or glop is wiped off
prayer/unicorn-horn won't fix blindness while still engulfed in a dust
vortex since it will just return immediately
prevent fatal error from prompt string overflow in lift_object()
Platform- and/or Interface-Specific Fixes

@@ -1122,12 +1122,18 @@ boolean telekinesis;
} else {
char qbuf[BUFSZ];
long savequan = obj->quan;
unsigned textleft;
obj->quan = *cnt_p;
Sprintf(qbuf, "%s %s. Continue?",
Strcpy(qbuf,
(next_encumbr > HVY_ENCUMBER) ? overloadmsg :
(next_encumbr > MOD_ENCUMBER) ? nearloadmsg :
moderateloadmsg, doname(obj));
moderateloadmsg);
textleft = QBUFSZ - (strlen(qbuf) + sizeof(" . Continue?"));
Sprintf(eos(qbuf), " %s. Continue?",
(strlen(doname(obj)) < textleft) ? doname(obj) :
(strlen(simple_typename(obj->otyp)) < textleft) ?
an(simple_typename(obj->otyp)) : something);
obj->quan = savequan;
switch (ynq(qbuf)) {
case 'q': result = -1; break;
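Review bot: in the fallback branch of the new Sprintf, the length test is made on simple_typename(obj->otyp) but the string actually written is an(simple_typename(obj->otyp)), which is longer by the article and a space, so a type name that only just fits within textleft can still push the prompt past the limit; test the length of the an(...) result instead. Two related points on the same lines: qbuf is still declared with BUFSZ while textleft is computed from QBUFSZ, so a short comment saying which limit the prompt has to respect would help the next reader, and because textleft is unsigned, the subtraction wraps to a very large value if the load message plus " . Continue?" ever exceeds QBUFSZ, which would make both length checks pass; an explicit guard before the subtraction would rule that out. doname(obj) is also evaluated twice in the conditional; calling it once into a local pointer would make it clear that the string measured is the string written.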