From 2c3be8ebe1c6b71e00ed40e24bfa93a5179188e9 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Fri, 20 Dec 2019 15:16:12 +0200
Subject: [PATCH] Prevent accessing outside the mons array
---
 doc/fixes37.0 | 1 +
 src/minion.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/doc/fixes37.0 b/doc/fixes37.0
index 37627fafa..41f7347a7 100644
--- a/doc/fixes37.0
+++ b/doc/fixes37.0
@@ -12,6 +12,7 @@ fix internal self-recover to work with recent fields added to checkpoint file improvements to pronoun usage when hallucinating function calls made from mapglyph based on dungeon level are now called once per level
+fix accessing mons[-1] when trying to gate in a non-valid demon
 Fixes to Pre-3.7.0 Problems that Were Exposed Via git Repository
diff --git a/src/minion.c b/src/minion.c
index 6a8a06ee7..dac4430a0 100644
--- a/src/minion.c
+++ b/src/minion.c
@@ -78,11 +78,13 @@ struct monst *mon;
 if (is_dprince(ptr) || (ptr == &mons[PM_WIZARD_OF_YENDOR])) {
 dtype = (!rn2(20)) ? dprince(atyp) : (!rn2(4)) ? dlord(atyp) : ndemon(atyp);
- cnt = (!rn2(4) && is_ndemon(&mons[dtype])) ? 2 : 1;
+ cnt = ((dtype != NON_PM)
+ && !rn2(4) && is_ndemon(&mons[dtype])) ? 2 : 1;
 } else if (is_dlord(ptr)) {
 dtype = (!rn2(50)) ? dprince(atyp) : (!rn2(20)) ? dlord(atyp) : ndemon(atyp);
- cnt = (!rn2(4) && is_ndemon(&mons[dtype])) ? 2 : 1;
+ cnt = ((dtype != NON_PM)
+ && !rn2(4) && is_ndemon(&mons[dtype])) ? 2 : 1;
 } else if (is_ndemon(ptr)) {
 dtype = (!rn2(20)) ? dlord(atyp) : (!rn2(6)) ? ndemon(atyp) : monsndx(ptr);
@@ -91,7 +93,8 @@ struct monst *mon;
 dtype = (is_lord(ptr) && !rn2(20)) ? llord() : (is_lord(ptr) || !rn2(6)) ? lminion() : monsndx(ptr);
- cnt = (!rn2(4) && !is_lord(&mons[dtype])) ? 2 : 1;
+ cnt = ((dtype != NON_PM)
+ && !rn2(4) && !is_lord(&mons[dtype])) ? 2 : 1;
 } else if (ptr == &mons[PM_ANGEL]) {
 /* non-lawful angels can also summon */
 if (!rn2(6)) {
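Review bot: The `(dtype != NON_PM)` test added in the `is_dprince` and `is_dlord` branches is repeated verbatim in the lminion branch (the `-91,7` hunk) and the angel branch (the `-107,7` hunk), and none of the four sites says that it has to stay first in the `&&` chain so that `&mons[dtype]` is never formed with the sentinel, which is the `mons[-1]` out-of-bounds read that doc/fixes37.0 records. I would put a short comment on each site, for example `/* dtype may be NON_PM; test it before indexing mons[] */`, so a later reordering of the operands does not quietly bring the read back. The guard rejects only the sentinel value; whether the functions that assign dtype here (`dprince()`, `dlord()`, `ndemon()`, `llord()`, `lminion()`) can hand back any other out-of-range index is not visible in these hunks and is worth confirming. The enclosing function starts above the first hunk and continues past the `if (dtype == NON_PM)` line that closes the last one.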
@@ -107,7 +110,8 @@ struct monst *mon;
 } else {
 dtype = PM_ANGEL;
 }
- cnt = (!rn2(4) && !is_lord(&mons[dtype])) ? 2 : 1;
+ cnt = ((dtype != NON_PM)
+ && !rn2(4) && !is_lord(&mons[dtype])) ? 2 : 1;
 }
 if (dtype == NON_PM)