diff --git a/doc/fixes34.4 b/doc/fixes34.4 index 76a22c198..5d09fea56 100644 --- a/doc/fixes34.4 +++ b/doc/fixes34.4 @@ -96,6 +96,7 @@ further digging of an existing hole finishes in a single turn only prefix shopkeeper names with "Mr." or "Ms." when not a personal name green slime should not affect noncorporeal monsters land mine explosion will destroy a drawbridge at same location +avoid some more buffer overflows in query buffers containing object names Platform- and/or Interface-Specific Fixes diff --git a/src/do_name.c b/src/do_name.c index f534975b6..611d385bc 100644 --- a/src/do_name.c +++ b/src/do_name.c @@ -308,8 +308,11 @@ register struct obj *obj; const char *aname; short objtyp; - Sprintf(qbuf, "What do you want to name %s %s?", - is_plural(obj) ? "these" : "this", xname(obj)); + Sprintf(qbuf, "What do you want to name %s ", + is_plural(obj) ? "these" : "this"); + Sprintf(eos(qbuf), "%s?", + safe_qbuf(qbuf, sizeof("?"), + xname(obj), simple_typename(obj->otyp), "")); getlin(qbuf, buf); if(!*buf || *buf == '\033') return; /* strip leading and trailing spaces; unnames item if all spaces */ diff --git a/src/eat.c b/src/eat.c index 99aed8219..212bc3591 100644 --- a/src/eat.c +++ b/src/eat.c 
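Review bot: The bound enforced by `safe_qbuf(qbuf, sizeof("?"), xname(obj), simple_typename(obj->otyp), "")` is never tied to the buffer being written. The call passes no size, so it presumably measures against QBUFSZ, and the declaration of `qbuf` in this function lies outside the hunk. A comment at the call, `/* safe_qbuf() assumes qbuf[QBUFSZ]; falls back to the type name, then to "" */`, would make that dependency reviewable; the same applies to the floorfood() call in src/eat.c. With the empty last resort the prompt degrades to "What do you want to name this ?" (and to "Contents of :" in display_cinventory() in src/invent.c), so a short non-empty fallback such as the "something" used in eat.c would read better. The enclosing function starts and ends outside the hunk.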
@@ -2552,19 +2552,21 @@ floorfood(verb,corpsecheck) /* get food from floor or pack */ /* Is there some food (probably a heavy corpse) here on the ground? */ for (otmp = level.objects[u.ux][u.uy]; otmp; otmp = otmp->nexthere) { - if(corpsecheck ? + if (corpsecheck ? (otmp->otyp==CORPSE && (corpsecheck == 1 || tinnable(otmp))) : feeding ? (otmp->oclass != COIN_CLASS && is_edible(otmp)) : otmp->oclass==FOOD_CLASS) { - Sprintf(qbuf, "There %s %s here; %s %s?", - otense(otmp, "are"), - doname(otmp), verb, - (otmp->quan == 1L) ? "it" : "one"); - if((c = yn_function(qbuf,ynqchars,'n')) == 'y') - return(otmp); - else if(c == 'q') - return((struct obj *) 0); - } + Sprintf(qbuf, "There %s ", otense(otmp, "are")); + Sprintf(eos(qbuf), "%s here; %s %s?", + safe_qbuf(qbuf, sizeof(" here; ...?") + strlen(verb), + doname(otmp), simple_typename(otmp->otyp), + "something"), + verb, (otmp->quan == 1L) ? "it" : "one"); + if ((c = yn_function(qbuf,ynqchars,'n')) == 'y') + return(otmp); + else if (c == 'q') + return((struct obj *) 0); + } } skipfloor: diff --git a/src/invent.c b/src/invent.c index b2950569f..3061ce41c 100644 --- a/src/invent.c +++ b/src/invent.c @@ -1367,7 +1367,7 @@ register int FDECL((*fn),(OBJ_P)), FDECL((*ckfn),(OBJ_P)); register char sym, ilet; register int cnt = 0, dud = 0, tmp; boolean takeoff, nodot, ident, ininv; - char qbuf[QBUFSZ]; + char qbuf[BUFSZ]; takeoff = taking_off(word); ident = !strcmp(word, "identify"); 
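Review bot: The pad `sizeof(" here; ...?") + strlen(verb)` is counted by hand and is one character short of the text it stands for. The literal is 11 characters, while the fixed tail of the format (" here; ", the separating space, up to three characters of "one", and "?") is 12, so only the terminator counted by sizeof makes up the difference. Whether a byte is then left for the string's own NUL depends on safe_qbuf() comparing strictly, which this diff does not show. Spelling the tail out, `safe_qbuf(qbuf, sizeof(" here;  one?") + strlen(verb),`, makes the reserve self-evident and easier to keep in step with the format string. floorfood() begins and ends outside the hunk.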
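Review bot: The reason `qbuf` grows from QBUFSZ to BUFSZ is not recorded at the declaration. The next hunk in this file copies the full doname()/xprname() text into it before comparing the length against QBUFSZ, so the larger size is what keeps that first copy in bounds. Suggested: `char qbuf[BUFSZ]; /* BUFSZ, not QBUFSZ: holds the untruncated object name until it is length-checked below */`. Without such a note, a later cleanup that restores QBUFSZ for consistency would silently bring the overflow back. The function body continues outside the hunk.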
@@ -1390,10 +1390,17 @@ nextclass: if (ident && !not_fully_identified(otmp)) continue; if (ckfn && !(*ckfn)(otmp)) continue; if (!allflag) { - Strcpy(qbuf, !ininv ? doname(otmp) : - xprname(otmp, (char *)0, ilet, !nodot, 0L, 0L)); - Strcat(qbuf, "?"); - sym = (takeoff || ident || otmp->quan < 2L) ? + Strcpy(qbuf, !ininv ? doname(otmp) : + xprname(otmp, (char *)0, ilet, !nodot, 0L, 0L)); + /* this code seemed too complex to use safe_qbuf */ + if (strlen(qbuf) > QBUFSZ - 20) { + Strcpy(qbuf, + !ininv ? an(simple_typename(otmp->otyp)) : + xprname(otmp, simple_typename(otmp->otyp), + ilet, !nodot, 0L, 0L)); + } + Strcat(qbuf, "?"); + sym = (takeoff || ident || otmp->quan < 2L) ? nyaq(qbuf) : nyNaq(qbuf); } else sym = 'y'; @@ -2999,17 +3006,19 @@ display_cinventory(obj) register struct obj *obj; { struct obj *ret; - char tmp[QBUFSZ]; + char qbuf[QBUFSZ]; int n; menu_item *selected = 0; - Sprintf(tmp,"Contents of %s:", doname(obj)); + Sprintf(qbuf,"Contents of %s:", + safe_qbuf("", sizeof("Contents of :"), + doname(obj), simple_typename(obj->otyp), "")); if (obj->cobj) { - n = query_objlist(tmp, obj->cobj, INVORDER_SORT, &selected, + n = query_objlist(qbuf, obj->cobj, INVORDER_SORT, &selected, PICK_NONE, allow_all); } else { - invdisp_nothing(tmp, "(empty)"); + invdisp_nothing(qbuf, "(empty)"); n = 0; } if (n > 0) {
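Review bot: The threshold in `if (strlen(qbuf) > QBUFSZ - 20)` is an unexplained magic number, and the replacement text built from `simple_typename(otmp->otyp)` is not measured again after the fallback `Strcpy`. If the 20 is headroom for the "?" appended here and for whatever nyaq()/nyNaq() add to the prompt, the existing comment should say so, or a named constant should carry the value. The first `Strcpy` still runs unbounded before the check, so the code is safe only while `qbuf` is BUFSZ bytes and doname()/xprname() never return more than fits; that precondition deserves a line in the comment too. The loop this sits in starts and ends outside the hunk.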