From e8a8f142aeb50e9d78a29ce0e643759b213de34b Mon Sep 17 00:00:00 2001
From: PatR
Date: Sat, 10 Nov 2018 01:37:23 -0800
Subject: [PATCH] otransit_msg() fixes Fixes #156 githib issue #156 complains that "The Excalibur falls down the stairs," is using poor grammar despite the fact that the usual drop message is "You drop the +0 Excalibur." I agree. Change it to be "Excalibur falls down the stairs." (Drop message remains unchanged.) While looking at that, I noticed that when knocking other items down stairs, text was being appended to the formatted object name. It was probably safe due to the space reserved for inserting a prefix while formatting an object's name, which becomes available for a suffix after that name has been copied into otransit_msg()'s local buffer, but using a separate buffer is safer.
---
 doc/fixes36.2 | 3 +++
 src/dokick.c | 29 +++++++++++++++++------------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/doc/fixes36.2 b/doc/fixes36.2
index 47452ff97..96361d68a 100644
--- a/doc/fixes36.2
+++ b/doc/fixes36.2
@@ -189,6 +189,9 @@ fix odd wording "The boulder triggers and fills a pit"
 ^X status feedback: don't report "not wearing any armor" when wearing a shield
 attempting to #ride a long worm's tail could trigger impossible
 "worm_cross checking for non-adjacent location?"
+avoid "The " in "The falls down stairs."
+avoid potential buffer overflow if object with very long name knocks other
+ objects down stairs when dropped, thrown, or kicked there
 
 
 Fixes to Post-3.6.1 Problems that Were Exposed Via git Repository
diff --git a/src/dokick.c b/src/dokick.c
index 1bea20ab6..85d461696 100644
--- a/src/dokick.c
+++ b/src/dokick.c
@@ -1,4 +1,4 @@
-/* NetHack 3.6 dokick.c $NHDT-Date: 1517128663 2018/01/28 08:37:43 $ $NHDT-Branch: NetHack-3.6.0 $:$NHDT-Revision: 1.113 $ */
+/* NetHack 3.6 dokick.c $NHDT-Date: 1541842623 2018/11/10 09:37:03 $ $NHDT-Branch: NetHack-3.6.2-beta01 $:$NHDT-Revision: 1.122 $ */
 /* Copyright (c) Izchak Miller, Mike Stephenson, Steve Linhart, 1989. */
 /* NetHack may be freely redistributed. See license for details. */
 
@@ -1722,22 +1722,27 @@ register struct obj *otmp;
 register boolean nodrop;
 long num;
 {
- char obuf[BUFSZ];
+ char *optr = 0, obuf[BUFSZ], xbuf[BUFSZ];
 
- Sprintf(obuf, "%s%s",
- (otmp->otyp == CORPSE && type_is_pname(&mons[otmp->corpsenm]))
- ? ""
- : "The ",
- cxname(otmp));
+ if (otmp->otyp == CORPSE) {
+ /* Tobjnam() calls xname() and would yield "The corpse";
+ we want more specific "The newt corpse" or "Medusa's corpse" */
+ optr = upstart(corpse_xname(otmp, (char *) 0, CXN_PFX_THE));
+ } else {
+ optr = Tobjnam(otmp, (char *) 0);
+ }
+ Strcpy(obuf, optr);
 
 if (num) { /* means: other objects are impacted */
- Sprintf(eos(obuf), " %s %s object%s", otense(otmp, "hit"),
- num == 1L ? "another" : "other", num > 1L ? "s" : "");
+ /* 3.6.2: use a separate buffer for the suffix to avoid risk of
+ overrunning obuf[] (let pline() handle truncation if necessary) */
+ Sprintf(xbuf, " %s %s object%s", otense(otmp, "hit"),
+ (num == 1L) ? "another" : "other", (num > 1L) ? "s" : "");
 if (nodrop)
- Sprintf(eos(obuf), ".");
+ Sprintf(eos(xbuf), ".");
 else
- Sprintf(eos(obuf), " and %s %s.", otense(otmp, "fall"), gate_str);
- pline1(obuf);
+ Sprintf(eos(xbuf), " and %s %s.", otense(otmp, "fall"), gate_str);
+ pline("%s%s", obuf, xbuf);
 } else if (!nodrop)
 pline("%s %s %s.", obuf, otense(otmp, "fall"), gate_str);
 }
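Review bot: `Strcpy(obuf, optr);` in the second src/dokick.c hunk is still an unbounded copy, so the overflow protection rests on `Tobjnam()` and `corpse_xname()` never returning more than BUFSZ - 1 characters, which nothing in this hunk checks or states. Either record that invariant in a comment beside the copy or bound it, e.g. `(void) strncpy(obuf, optr, sizeof obuf - 1); obuf[sizeof obuf - 1] = '\0';`. The new comment also defers truncation of the combined `obuf` + `xbuf` text to `pline()`; that function is not visible here, so it is worth confirming that it formats into a bounded buffer rather than assuming it. The function header sits above the hunk; only the K&R parameter declarations are visible.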