fix #K3888 - object lost panic caused by lava
Report was for spell-casting monster using the destroy armor spell on hero's levitation boots while hero was floating over lava. The boots became unworn but still in inventory, hero dropped into lava, the boots happened to be an inventory item which got burned up, then the call stack unwound back to the destroy armor routine which tried to finish by deleting them but they were already gone by then.

Could also happen for black dragon breath, hero reading scroll of destroy armor, or overenchanting the boots with scroll of enchant armor, so not so unlikely that nobody would be expected to notice.

Initially I couldn't reproduce the object lost panic. It only happens if the memory used by the boots is cleared or clobbered during first time it's freed, otherwise second free doesn't notice any problem.

The 'wornarm_destroyed()' portion of this commit is sufficient to fix this. The other bits are things I tried before figuring out how to reproduce it, plus zeroing out any object passed to dealloc_obj().
@@ -2635,6 +2635,12 @@ dealloc_obj(struct obj *obj)
obj->where = OBJ_LUAFREE;
return;
}
#ifdef DEBUG
/* clobber out of date information contained in the about-to-become
stale memory; do this before 'free()' in case a debugging malloc
implementation overwrites the memory with something else */
*obj = cg.zeroobj;
#endif
free((genericptr_t) obj);
}
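Review bot: The clobber `*obj = cg.zeroobj;` is wrapped in `#ifdef DEBUG`, so in a build without DEBUG the freed object keeps its old contents and a second dealloc_obj() on the same pointer can still go unnoticed, which is the case the commit message says was hard to reproduce. The message describes this as zeroing out any object passed to dealloc_obj(); either say there that it applies to DEBUG builds only, or make the clobber unconditional if the cost is acceptable. Also note that the store sits immediately before `free((genericptr_t) obj);`, and an optimizing compiler is allowed to drop a write to memory that is freed right afterwards, so it is worth confirming the clobber survives in the builds where it is meant to help.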