nethack-gwaa-kiwi/nethack
1
0
Fork 0
Code Pull Requests Activity

Clear tin-eating struct when object goes away

Browse Source 
The tin-eating context was pointing to a non-existent object,
causing an error when the fuzzer somehow managed to continue eating
the freed tin object.
Clear the pointer when the tin leaves inventory or the object
is deleted.
This commit is contained in:
Pasi Kallinen
2025-01-03 22:21:11 +02:00
parent ba731a346b
commit 9313fb7747
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/invent.c
View File

@@ -1373,6 +1373,11 @@ freeinv_core(struct obj *obj)
} else if (obj->otyp == FIGURINE && obj->timed) {
(void) stop_timer(FIG_TRANSFORM, obj_to_any(obj));
}
if (obj == svc.context.tin.tin) {
svc.context.tin.tin = (struct obj *) 0;
svc.context.tin.o_id = 0;
}
}
/* remove an object from the hero's inventory */

4
src/mkobj.c
View File

@@ -2711,6 +2711,10 @@ dealloc_obj(struct obj *obj)
gt.thrownobj = 0;
if (obj == gk.kickedobj)
gk.kickedobj = 0;
if (obj == svc.context.tin.tin) {
svc.context.tin.tin = (struct obj *) 0;
svc.context.tin.o_id = 0;
}
/* if obj came from the most recent splitobj(), it's no longer eligible
for unsplitobj(); perform inline clear_splitobjs() */