nethack-gwaa-kiwi/nethack
1
0
Fork 0
Code Pull Requests Activity

fix github issue #731 - accessing freed memory \

Browse Source 
after charging causes a ring to explode

Reported by gebulmer:  if charging exploded a ring, the ring's memory
got freed but the stale pointer was passed to cap_spe() which accessed
it again.  Fix by setting the object pointer to Null after using up
the ring.  This was a post-3.6 bug.

Fixes #731
This commit is contained in:
PatR
2022-04-13 13:34:14 -07:00
parent 670b7edf1d
commit 9c2a5cbcb8
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/read.c
View File

@@ -786,7 +786,7 @@ recharge(struct obj* obj, int curse_bless)
if (is_on)
Ring_gone(obj);
s = rnd(3 * abs(obj->spe)); /* amount of damage */
useup(obj);
useup(obj), obj = 0;
losehp(Maybe_Half_Phys(s), "exploding ring", KILLED_BY_AN);
} else {
long mask = is_on ? (obj == uleft ? LEFT_RING : RIGHT_RING) : 0L;