From e138f497ff36beecebb57de522a3de0a2b9f6c56 Mon Sep 17 00:00:00 2001
From: nhmall
Date: Wed, 27 Dec 2023 10:49:21 -0500
Subject: [PATCH] static analyzer bits for bones.c

src/bones.c(646): warning: Using uninitialized memory 'oldbonesid'.
src/bones.c(646): warning: String 'oldbonesid' might not be zero-terminated.
Also help prevent a buffer overflow on corrupt or ill-formed bones.
---
 src/bones.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/bones.c b/src/bones.c
index 07a0670ba..587c58afc 100644
--- a/src/bones.c
+++ b/src/bones.c
@@ -598,7 +598,8 @@ getbones(void)
 {
 int ok;
 NHFILE *nhfp = (NHFILE *) 0;
- char c = 0, *bonesid, oldbonesid[40]; /* was [10]; more should be safer */
+ char c = 0, *bonesid,
+ oldbonesid[40] = { 0 }; /* was [10]; more should be safer */
 
 if (discover) /* save bones files for real games */
 return 0;
@@ -640,8 +641,18 @@ getbones(void)
 string and wasn't recorded in the file */
 mread(nhfp->fd, (genericptr_t) &c,
 sizeof c); /* length including terminating '\0' */
- mread(nhfp->fd, (genericptr_t) oldbonesid,
- (unsigned) c); /* DD.nn or Qrrr.n for role rrr */
+ if ((unsigned) c <= sizeof oldbonesid) {
+ mread(nhfp->fd, (genericptr_t) oldbonesid,
+ (unsigned) c); /* DD.nn or Qrrr.n for role rrr */
+ } else {
+ if (wizard)
+ debugpline2("Abandoning bones , %u > %u.",
+ (unsigned) c, (unsigned) sizeof oldbonesid);
+ close_nhfile(nhfp);
+ compress_bonesfile();
+ /* ToDo: maybe unlink these problematic bones? */
+ return 0;
+ }
 }
 if (strcmp(bonesid, oldbonesid) != 0) {
 char errbuf[BUFSZ];
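Review bot: The new bound `(unsigned) c <= sizeof oldbonesid` in the second hunk still accepts a length of exactly 40, so mread() can fill the whole array and nothing guarantees a terminating NUL before the `strcmp(bonesid, oldbonesid)` that follows. The `= { 0 }` initialiser from the first hunk only leaves a trailing zero when fewer than 40 bytes are read, and the length byte and the data both come from the bones file, which the commit message itself treats as possibly corrupt. Adding `oldbonesid[sizeof oldbonesid - 1] = '\0';` right after the mread() call would make the comparison safe whatever the file contains. The debug text `"Abandoning bones , %u > %u."` also has a stray space before the comma. getbones() starts and ends outside this hunk, so whether the early `return 0` matches the cleanup done on the function's other exit paths cannot be confirmed from here.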