From e77ea2ae612f47ad32f856a1d3c997231979f992 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Wed, 15 Apr 2015 17:06:39 +0300
Subject: [PATCH 1/7] Prevent segfault when looking around inside monster A recent change by me introduced a segfault when counting swallowed hero as a monster inventory item.
---
 src/pickup.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/pickup.c b/src/pickup.c
index 604d224c6..fe6a991a5 100644
--- a/src/pickup.c
+++ b/src/pickup.c
@@ -708,7 +708,7 @@ menu_item **pick_list; /* return list of items picked */
 int how; /* type of query */
 boolean FDECL((*allow), (OBJ_P));/* allow function */
 {
- int i, n;
+ int i, n, actualn;
 winid win;
 struct obj *curr, *last, fake_hero_object;
 struct obj **oarray;
@@ -727,7 +727,7 @@ boolean FDECL((*allow), (OBJ_P));/* allow function */
 last = curr;
 n++;
 }
-
+ actualn = n;
 if (engulfer) {
 ++n;
 /* don't autoselect swallowed hero if it's the only choice */
@@ -744,7 +744,7 @@ boolean FDECL((*allow), (OBJ_P));/* allow function */
 return 1;
 }
- oarray = objarr_init(n);
+ oarray = objarr_init(actualn);
 /* Add objects to the array */
 i = 0;
 for (curr = olist; curr; curr = FOLLOW(curr, qflags)) {
@@ -767,7 +767,7 @@ boolean FDECL((*allow), (OBJ_P));/* allow function */
 pack = flags.inv_order;
 do {
 printed_type_name = FALSE;
- for (i = 0; i < n; i++) {
+ for (i = 0; i < actualn; i++) {
 curr = oarray[i];
 if ((qflags & FEEL_COCKATRICE) && curr->otyp == CORPSE && will_feel_cockatrice(curr, FALSE)) {
From 35e0027328718fbd0b94f0ca5ecdd8da2e727715 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Wed, 15 Apr 2015 19:43:32 +0300
Subject: [PATCH 2/7] Prevent out-of-bounds coords when closing a door
---
 src/lock.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lock.c b/src/lock.c
index c29be8549..26abde26a 100644
--- a/src/lock.c
+++ b/src/lock.c
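Review bot: In src/pickup.c the third hunk now sizes the array with `objarr_init(actualn)`, and `actualn` may be 0 when `engulfer` is set and the monster holds no real objects, since only `n` receives the `++n` for the swallowed hero. objarr_init() and the code between the hunks are not visible here, so confirm that a zero count is handled and that the later release of `oarray` matches. The two counters are easy to mix up, so a comment at the assignment would help: `actualn = n; /* real objects only; n may also count the swallowed hero */`. The function begins and ends outside these hunks, so any other use of `n` as a bound on `oarray` could not be checked.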
@@ -692,6 +692,8 @@ doclose() /* try to close a door */
 return(1);
 }
+ if (!isok(x,y)) goto nodoor;
+
 if ((mtmp = m_at(x,y)) && mtmp->m_ap_type == M_AP_FURNITURE && (mtmp->mappearance == S_hcdoor ||
@@ -723,8 +725,10 @@ doclose() /* try to close a door */
 pline_The("drawbridge is already closed.");
 else if (portcullis || door->typ == DRAWBRIDGE_DOWN) There("is no obvious way to close the drawbridge.");
- else
+ else {
+nodoor:
 You("%s no door there.", Blind ? "feel" : "see");
+ }
 return res;
 }
From 97f6834730c53204ace1b9a9d483a897e406dff6 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Wed, 15 Apr 2015 20:06:38 +0300
Subject: [PATCH 3/7] Prevent infinite loop ...if the map is filled with monsters, and for some reason the drowning just won't kill you. Infinite looping cannot currently happen, because no-one who can drown can keep surviving the drowning once their amulet of life saving is used up.
---
 src/trap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/trap.c b/src/trap.c
index aff2b9719..037c73255 100644
--- a/src/trap.c
+++ b/src/trap.c
@@ -3470,7 +3470,7 @@ drown()
 }
 u.uinwater = 1;
 You("drown.");
- for (;;) {
+ for (i = 0; i < 5; i++) { /* arbitrary number of loops */
 /* killer format and name are reconstructed every iteration because lifesaving resets them */
 pool_of_water = waterbody_name(u.ux, u.uy);
From 5a08671fc0ee4e40d119f6f36cd2ed278c0d794f Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Wed, 15 Apr 2015 20:35:48 +0300
Subject: [PATCH 4/7] Prevent illegal positions for tmp_at It seems like m_throw() can call tmp_at() with !isok coordinates, so prevent those in both functions
---
 src/display.c | 1 +
 src/mthrowu.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/display.c b/src/display.c
index 1369fbfb3..399bb1842 100644
--- a/src/display.c
+++ b/src/display.c
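Review bot: In src/lock.c doclose(), the new `goto nodoor` lands inside the final `else` branch of the if/else chain in the second hunk, so it bypasses every condition of that chain and depends on `res` already holding its intended value at the jump. The declaration of `res` is outside both hunks, so confirm it is initialized before this point. The check itself sits correctly ahead of the `m_at(x,y)` lookup, which would otherwise receive the unchecked coordinates. A self-contained early exit is easier to audit than a label inside a nested block: `if (!isok(x,y)) { You("%s no door there.", Blind ? "feel" : "see"); return res; }`.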
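Review bot: In src/trap.c drown(), the bound `5` is a bare literal, and the loop can now finish with the hero still alive while `u.uinwater` is still 1 from the assignment just above. The code after the loop is outside the hunk, so confirm that the exhausted-retries path leaves a consistent state instead of continuing as if the hero were still under water. Naming the limit and stating what happens on exhaustion would make the cap reviewable, for example `#define DROWN_RETRIES 5 /* give up after this many failed drownings */` with `for (i = 0; i < DROWN_RETRIES; i++) {`. The declaration of `i` is also not visible in the hunk.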
@@ -900,6 +900,7 @@ tmp_at(x, y)
 break;
 default: /* do it */
+ if (!isok(x,y)) break;
 if (tglyph->style == DISP_BEAM || tglyph->style == DISP_ALL) {
 if (tglyph->style != DISP_ALL && !cansee(x,y)) break;
 if (tglyph->sidx >= TMP_AT_MAX_GLYPHS) break; /* too many locations */
diff --git a/src/mthrowu.c b/src/mthrowu.c
index e61814321..1ff6cddc3 100644
--- a/src/mthrowu.c
+++ b/src/mthrowu.c
@@ -440,7 +440,7 @@ struct obj *obj; /* missile (or stack providing it) */
 tmp_at(bhitpos.x, bhitpos.y);
 delay_output();
 }
- tmp_at(bhitpos.x, bhitpos.y);
+ if (isok(bhitpos.x, bhitpos.y)) tmp_at(bhitpos.x, bhitpos.y);
 delay_output();
 tmp_at(DISP_END, 0);
From 38bdb175cceb800087570656d37087866c1d6272 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Wed, 15 Apr 2015 21:05:42 +0300
Subject: [PATCH 5/7] Prevent divide by zero in newman ...which happened when your max power was 0
---
 src/polyself.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/polyself.c b/src/polyself.c
index 023b1f44a..df78a3bc4 100644
--- a/src/polyself.c
+++ b/src/polyself.c
@@ -300,7 +300,7 @@ newman()
 enmax = rounddiv((long)enmax * (long)rn1(4, 8), 10);
 for (i = 0; (u.ulevel = i) < newlvl; i++) enmax += newpw();
 if (enmax < u.ulevel) enmax = u.ulevel;
- u.uen = rounddiv((long)u.uen * (long)enmax, u.uenmax);
+ u.uen = rounddiv((long)u.uen * (long)enmax, ((u.uenmax < 1) ? 1 : u.uenmax));
 u.uenmax = enmax;
 /* [should alignment record be tweaked too?] */
From d52c6a208df4467398f90693b3b380e9e09ea7f3 Mon Sep 17 00:00:00 2001
From: nhmall
Date: Fri, 17 Apr 2015 00:12:53 -0400
Subject: [PATCH 6/7] date verification
---
 src/hacklib.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/hacklib.c b/src/hacklib.c
index e0806027f..cf2dbea62 100644
--- a/src/hacklib.c
+++ b/src/hacklib.c
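Review bot: In src/mthrowu.c only the `tmp_at(bhitpos.x, bhitpos.y)` call after the closing brace gets an isok() guard, while the same call in the context lines just above it, inside the block that ends there, is left unguarded. Since tmp_at() in src/display.c now rejects bad positions itself with `if (!isok(x,y)) break;`, the caller-side check is either redundant or incomplete. The underlying condition, `bhitpos` holding off-map coordinates at this point, is not addressed, so any other map access through `bhitpos` in this function (outside the hunk) would still see those values. Stating the contract where it is enforced would help, e.g. `/* callers such as m_throw() may pass off-map coordinates; ignore them */` above the new check in tmp_at().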
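Review bot: In src/polyself.c newman(), the inline clamp `((u.uenmax < 1) ? 1 : u.uenmax)` carries no comment explaining why the divisor is adjusted, and it also maps a negative `u.uenmax` to 1 without any diagnostic. A short comment would keep the guard from being simplified away later: `/* u.uenmax can be 0 (no power); never pass a zero divisor to rounddiv() */`. The function body continues outside the hunk.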
@@ -783,6 +783,7 @@ time_t date;
 Sprintf(datestr, "%04ld%02d%02d%02d%02d%02d", datenum, lt->tm_mon + 1, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec);
+ debugpline1("yyyymmddhhmmss() produced date string %s", datestr);
 return(datestr);
 }
From f6bf9f9999370d13016218057a56c81e8192ec0d Mon Sep 17 00:00:00 2001
From: nhmall
Date: Fri, 17 Apr 2015 00:31:22 -0400
Subject: [PATCH 7/7] protect against bad dates A recent fault on mingw32 revealed that faulty code which passes a bad or out-of-range date value could have game-fatal consequences. Add some protection.
---
 src/hacklib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/hacklib.c b/src/hacklib.c
index cf2dbea62..4788f2d08 100644
--- a/src/hacklib.c
+++ b/src/hacklib.c
@@ -792,6 +792,7 @@ time_from_yyyymmddhhmmss(buf)
 char *buf;
 {
 int k;
+ time_t timeresult;
 struct tm t, *lt;
 char *g, *p, y[5],mo[3],md[3],h[3],mi[3],s[3];
 if (buf && strlen(buf) == 14) {
@@ -829,8 +830,13 @@ char *buf;
 t.tm_hour = atoi(h);
 t.tm_min = atoi(mi);
 t.tm_sec = atoi(s);
- return mktime(&t);
+ timeresult = mktime(&t);
 }
+ if ((int)timeresult == -1)
+ debugpline1("time_from_yyyymmddhhmmss(%s) would have returned -1",
+ buf ? buf : "");
+ else
+ return timeresult;
 }
 return (time_t)0;
 }
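Review bot: In src/hacklib.c time_from_yyyymmddhhmmss(), `timeresult` is declared without an initializer (first hunk of patch 7) and assigned only inside the block closed by the `}` right after `timeresult = mktime(&t);`, yet `if ((int)timeresult == -1)` reads it outside that block. If that block is skipped, the value is indeterminate and can be returned to the caller; the block's condition lies outside the hunk, so this is inferred from the brace structure. The cast to `int` also truncates a wider `time_t`, so the comparison should use the failure value mktime() documents. Suggested lines: `time_t timeresult = (time_t)0;` and `if (timeresult == (time_t)-1)`.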