fix #H267 - wielded object burning up panic/crash
From a bug report: having a lit candle or potion of oil be wielded or "worn" as alternate weapon or quiver at the time it finished burning up would leave a stale worn object pointer which could trigger a panic or crash. Need to call useup() instead of obj_extract_self()+obfree() for objects in inventory, similar to the way hatching eggs are handled.
This commit is contained in:
@@ -337,6 +337,8 @@ when shopkeeper "gratefully inherits possessions" of hero who dies in shop
|
||||
dying in a shop while wielding two weapons could cause "Setworn: mask" warning
|
||||
make score file processing more bullet proof to avoid potential security issue
|
||||
towel equipped in weapon, alternate weapon, or quiver slot can be applied
|
||||
lit candle or potion of oil which burned out while equipped would leave stale
|
||||
weapon/alternate-weapon/quiver pointer that could cause panic or crash
|
||||
|
||||
|
||||
Platform- and/or Interface-Specific Fixes
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
/* SCCS Id: @(#)timeout.c 3.5 2007/02/05 */
|
||||
/* SCCS Id: @(#)timeout.c 3.5 2007/03/15 */
|
||||
/* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
|
||||
/* NetHack may be freely redistributed. See license for details. */
|
||||
|
||||
@@ -803,7 +803,8 @@ long timeout;
|
||||
if (menorah) {
|
||||
obj->spe = 0; /* no more candles */
|
||||
} else if (Is_candle(obj) || obj->otyp == POT_OIL) {
|
||||
/* get rid of candles and burning oil potions */
|
||||
/* get rid of candles and burning oil potions;
|
||||
we know this object isn't carried by hero */
|
||||
obj_extract_self(obj);
|
||||
obfree(obj, (struct obj *)0);
|
||||
obj = (struct obj *) 0;
|
||||
@@ -844,8 +845,12 @@ long timeout;
|
||||
}
|
||||
}
|
||||
end_burn(obj, FALSE); /* turn off light source */
|
||||
obj_extract_self(obj);
|
||||
obfree(obj, (struct obj *)0);
|
||||
if (carried(obj)) {
|
||||
useupall(obj);
|
||||
} else {
|
||||
obj_extract_self(obj);
|
||||
obfree(obj, (struct obj *)0);
|
||||
}
|
||||
obj = (struct obj *) 0;
|
||||
break;
|
||||
|
||||
@@ -1016,8 +1021,12 @@ long timeout;
|
||||
if (menorah) {
|
||||
obj->spe = 0;
|
||||
} else {
|
||||
obj_extract_self(obj);
|
||||
obfree(obj, (struct obj *)0);
|
||||
if (carried(obj)) {
|
||||
useupall(obj);
|
||||
} else {
|
||||
obj_extract_self(obj);
|
||||
obfree(obj, (struct obj *)0);
|
||||
}
|
||||
obj = (struct obj *) 0;
|
||||
}
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user