static analyzer bits for bones.c

src/bones.c(646): warning: Using uninitialized memory 'oldbonesid'. src/bones.c(646): warning: String 'oldbonesid' might not be zero-terminated. Also help prevent a buffer overflow on corrupt or ill-formed bones.
2023-12-27 10:49:21 -05:00
parent 80afc96def
commit e138f497ff
1 changed files with 14 additions and 3 deletions
--- a/src/bones.c
+++ b/src/bones.c
@@ -598,7 +598,8 @@ getbones(void)
 {
    int ok;
    NHFILE *nhfp = (NHFILE *) 0;
-    char c = 0, *bonesid, oldbonesid[40]; /* was [10]; more should be safer */
+    char c = 0, *bonesid,
+         oldbonesid[40] = { 0 }; /* was [10]; more should be safer */

    if (discover) /* save bones files for real games */
        return 0;
@@ -640,8 +641,18 @@ getbones(void)
               string and wasn't recorded in the file */
            mread(nhfp->fd, (genericptr_t) &c,
                  sizeof c); /* length including terminating '\0' */
-            mread(nhfp->fd, (genericptr_t) oldbonesid,
-                  (unsigned) c); /* DD.nn or Qrrr.n for role rrr */
+            if ((unsigned) c <= sizeof oldbonesid) {
+                mread(nhfp->fd, (genericptr_t) oldbonesid,
+                      (unsigned) c); /* DD.nn or Qrrr.n for role rrr */
+            } else {
+                if (wizard)
+                    debugpline2("Abandoning bones , %u > %u.",
+                                (unsigned) c, (unsigned) sizeof oldbonesid);
+                close_nhfile(nhfp);
+                compress_bonesfile();
+                /* ToDo: maybe unlink these problematic bones? */
+                return 0;
+            }
        }
        if (strcmp(bonesid, oldbonesid) != 0) {
            char errbuf[BUFSZ];