avoid more QBUFSZ buffer overflows

Several places were not using safe_qbuf or anything equivalent to avoid
overflowing a QBUFSZ buffer.  Add more uses plus one special case.  For
the current max lengths returned by xname(), I think this is
sufficient.  This addresses a reported buffer overflow for a
"thoroughly rusty thoroughly corroded helm of opposite alignment", plus more.

doc/fixes34.4

@@ -96,6 +96,7 @@ further digging of an existing hole finishes in a single turn
 only prefix shopkeeper names with "Mr." or "Ms." when not a personal name
 green slime should not affect noncorporeal monsters
 land mine explosion will destroy a drawbridge at same location
+avoid some more buffer overflows in query buffers containing object names
 
 
 Platform- and/or Interface-Specific Fixes

src/do_name.c

@@ -308,8 +308,11 @@ register struct obj *obj;
 	const char *aname;
 	short objtyp;
 
-	Sprintf(qbuf, "What do you want to name %s %s?",
-		is_plural(obj) ? "these" : "this", xname(obj));
+	Sprintf(qbuf, "What do you want to name %s ",
+		is_plural(obj) ? "these" : "this");
+	Sprintf(eos(qbuf), "%s?",
+		safe_qbuf(qbuf, sizeof("?"),
+			  xname(obj), simple_typename(obj->otyp), ""));
 	getlin(qbuf, buf);
 	if(!*buf || *buf == '\033')	return;
 	/* strip leading and trailing spaces; unnames item if all spaces */

src/eat.c

@@ -2552,19 +2552,21 @@ floorfood(verb,corpsecheck)	/* get food from floor or pack */
 
 	/* Is there some food (probably a heavy corpse) here on the ground? */
 	for (otmp = level.objects[u.ux][u.uy]; otmp; otmp = otmp->nexthere) {
-		if(corpsecheck ?
+	    if (corpsecheck ?
 		(otmp->otyp==CORPSE && (corpsecheck == 1 || tinnable(otmp))) :
 		    feeding ? (otmp->oclass != COIN_CLASS && is_edible(otmp)) :
 						otmp->oclass==FOOD_CLASS) {
-			Sprintf(qbuf, "There %s %s here; %s %s?",
-				otense(otmp, "are"),
-				doname(otmp), verb,
-				(otmp->quan == 1L) ? "it" : "one");
-			if((c = yn_function(qbuf,ynqchars,'n')) == 'y')
-				return(otmp);
-			else if(c == 'q')
-				return((struct obj *) 0);
-		}
+		Sprintf(qbuf, "There %s ", otense(otmp, "are"));
+		Sprintf(eos(qbuf), "%s here; %s %s?",
+			safe_qbuf(qbuf, sizeof(" here;  ...?") + strlen(verb),
+				  doname(otmp), simple_typename(otmp->otyp),
+				  "something"),
+			verb, (otmp->quan == 1L) ? "it" : "one");
+		if ((c = yn_function(qbuf,ynqchars,'n')) == 'y')
+		    return(otmp);
+		else if (c == 'q')
+		    return((struct obj *) 0);
+	    }
 	}
 
  skipfloor:

src/invent.c

@@ -1367,7 +1367,7 @@ register int FDECL((*fn),(OBJ_P)), FDECL((*ckfn),(OBJ_P));
 	register char sym, ilet;
 	register int cnt = 0, dud = 0, tmp;
 	boolean takeoff, nodot, ident, ininv;
-	char qbuf[QBUFSZ];
+	char qbuf[BUFSZ];
 
 	takeoff = taking_off(word);
 	ident = !strcmp(word, "identify");
@@ -1390,10 +1390,17 @@ nextclass:
 		if (ident && !not_fully_identified(otmp)) continue;
 		if (ckfn && !(*ckfn)(otmp)) continue;
 		if (!allflag) {
-			Strcpy(qbuf, !ininv ? doname(otmp) :
-				xprname(otmp, (char *)0, ilet, !nodot, 0L, 0L));
-			Strcat(qbuf, "?");
-			sym = (takeoff || ident || otmp->quan < 2L) ?
+		    Strcpy(qbuf, !ininv ? doname(otmp) :
+			   xprname(otmp, (char *)0, ilet, !nodot, 0L, 0L));
+		    /* this code seemed too complex to use safe_qbuf */
+		    if (strlen(qbuf) > QBUFSZ - 20) {
+			Strcpy(qbuf,
+			       !ininv ? an(simple_typename(otmp->otyp)) :
+			       xprname(otmp, simple_typename(otmp->otyp),
+				       ilet, !nodot, 0L, 0L));
+		    }
+		    Strcat(qbuf, "?");
+		    sym = (takeoff || ident || otmp->quan < 2L) ?
 				nyaq(qbuf) : nyNaq(qbuf);
 		}
 		else	sym = 'y';
@@ -2999,17 +3006,19 @@ display_cinventory(obj)
 register struct obj *obj;
 {
 	struct obj *ret;
-	char tmp[QBUFSZ];
+	char qbuf[QBUFSZ];
 	int n;
 	menu_item *selected = 0;
 
-	Sprintf(tmp,"Contents of %s:", doname(obj));
+	Sprintf(qbuf,"Contents of %s:",
+		safe_qbuf("", sizeof("Contents of :"),
+			  doname(obj), simple_typename(obj->otyp), ""));
 
 	if (obj->cobj) {
-	    n = query_objlist(tmp, obj->cobj, INVORDER_SORT, &selected,
+	    n = query_objlist(qbuf, obj->cobj, INVORDER_SORT, &selected,
 			    PICK_NONE, allow_all);
 	} else {
-	    invdisp_nothing(tmp, "(empty)");
+	    invdisp_nothing(qbuf, "(empty)");
 	    n = 0;
 	}
 	if (n > 0) {