fix monstone() ... dealloc_obj() panic

Fuzzer feedback.  When turning a monster into a statue, monstone()
builds a linked list of mon->minvent items to put into that statue.
It doesn't use obj_extract_self() to take them off again, leaving
obj->nobj non-Null.  Not noticed for the normal case where each item
gets linked into the container's contents, but triggers panic if an
item merges with something already put inside so gets removed.

Suddenly, the dungeon collapses.
dealloc_obj with nobj
[2] 0x01000c4193 panic + 995
[3] 0x0100155427 dealloc_obj + 71
[4] 0x010021d4de obfree + 686
[5] 0x01000f2f92 merged + 834
[6] 0x010015356e add_to_container + 126
[7] 0x01001628ac monstone + 636

I don't know why the petrified monster's mergeable inventory wasn't
already merged while in inventory.
PatR
2019-01-31 04:22:04 -08:00
parent 8736141f68
commit 48e7643739
2 changed files with 5 additions and 2 deletions
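
A stand-alone model of the failure the commit message describes, added here as an example; it is not NetHack source. Apart from the names `nobj`, `dealloc_obj` and `add_to_container`, everything in it (the `otyp`/`quan` fields, the panic counter, `drain()`) is a simplification assumed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not NetHack source: only the fields the bug needs. */
struct obj {
    struct obj *nobj; /* next-object link; must be NULL when freed */
    int otyp, quan;   /* item type (equal types merge) and stack size */
};

static int panics; /* counts "dealloc_obj with nobj" instead of aborting */

/* Stand-in for the real deallocator: checks the link, frees nothing. */
static void dealloc_obj(struct obj *o) {
    if (o->nobj)
        panics++; /* the game panics at this check */
}

/* Link obj into *contents, or merge it into a matching stack and free it. */
static void add_to_container(struct obj **contents, struct obj *obj) {
    for (struct obj *c = *contents; c; c = c->nobj)
        if (c->otyp == obj->otyp) {
            c->quan += obj->quan;
            dealloc_obj(obj); /* a stale obj->nobj is caught here */
            return;
        }
    obj->nobj = *contents; /* unmerged case overwrites the stale link */
    *contents = obj;
}

/* Drain a temporary list of types {1, 1, 2} into a container; return panics. */
int drain(int clear_link) {
    struct obj it[3] = { { &it[1], 1, 1 }, { &it[2], 1, 1 }, { NULL, 2, 1 } };
    struct obj *list = &it[0], *contents = NULL, *obj;
    panics = 0;
    while ((obj = list) != NULL) {
        list = obj->nobj;
        if (clear_link)
            obj->nobj = NULL; /* the one-line fix from the commit */
        add_to_container(&contents, obj);
    }
    return panics;
}

int main(void) {
    printf("without fix: %d panic(s), with fix: %d\n", drain(0), drain(1));
    return 0;
}
```

Only the second item trips the check: it merges into the first while still pointing at the third, whereas the unmerged items have their link overwritten on insertion.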


@@ -1,4 +1,4 @@
$NHDT-Branch: NetHack-3.6.2-beta01 $:$NHDT-Revision: 1.239 $ $NHDT-Date: 1548695445 2019/01/28 17:10:45 $
$NHDT-Branch: NetHack-3.6.2-beta01 $:$NHDT-Revision: 1.241 $ $NHDT-Date: 1548937318 2019/01/31 12:21:58 $
This fixes36.2 file is here to capture information about updates in the 3.6.x
lineage following the release of 3.6.1 in April 2018. Please note, however,
@@ -355,6 +355,8 @@ hero poly'd into creature with hug attack could hug a long worm's tail which
smudging of an engraving has been relocated to after a succesful move
and both your former location and your resulting location are
subject to the smudging
monster with multiple items in inventory could trigger 'dealloc_obj with nobj'
panic when turned into a statue if separate mon->minvent items merged
Fixes to Post-3.6.1 Problems that Were Exposed Via git Repository


@@ -1,4 +1,4 @@
/* NetHack 3.6 mon.c $NHDT-Date: 1548208236 2019/01/23 01:50:36 $ $NHDT-Branch: NetHack-3.6.2-beta01 $:$NHDT-Revision: 1.277 $ */
/* NetHack 3.6 mon.c $NHDT-Date: 1548937318 2019/01/31 12:21:58 $ $NHDT-Branch: NetHack-3.6.2-beta01 $:$NHDT-Revision: 1.278 $ */
/* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
/*-Copyright (c) Derek S. Ray, 2015. */
/* NetHack may be freely redistributed. See license for details. */
@@ -2213,6 +2213,7 @@ struct monst *mdef;
otmp = oname(otmp, MNAME(mdef));
while ((obj = oldminvent) != 0) {
oldminvent = obj->nobj;
obj->nobj = 0; /* avoid merged-> obfree-> dealloc_obj-> panic */
(void) add_to_container(otmp, obj);
}
/* Archeologists should not break unique statues */
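
Review bot: the comment on the added `obj->nobj = 0;` line in the while loop records the panic chain (merged-> obfree-> dealloc_obj) but not the invariant being restored, namely that an object handed to add_to_container() must no longer carry a link into the temporary oldminvent list. Suggest wording the comment around that invariant so the line is not later removed as redundant, since in the unmerged case the object gets relinked into the container anyway (per the commit message). The loop is otherwise safe against the merge freeing obj: oldminvent is advanced from obj->nobj before the link is cleared, and obj is not touched after the call. The commit message leaves open why these items had not already merged while in the monster's inventory; a follow-up on that would show whether other code that walks minvent can reach the same path.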