fix #H267 - wielded object burning up panic/crash

From a bug report:  having a lit
candle or potion of oil be wielded or "worn" as alternate weapon or quiver
at the time it finished burning up would leave a stale worn object pointer
which could trigger a panic or crash.  Need to call useup() instead of
obj_extract_self()+obfree() for objects in inventory, similar to the way
hatching eggs are handled.
This commit is contained in:
nethack.rankin
2007-03-16 01:56:43 +00:00
parent a2a5df0932
commit f480c57af0
2 changed files with 17 additions and 6 deletions

View File

@@ -337,6 +337,8 @@ when shopkeeper "gratefully inherits possessions" of hero who dies in shop
dying in a shop while wielding two weapons could cause "Setworn: mask" warning
make score file processing more bullet proof to avoid potential security issue
towel equipped in weapon, alternate weapon, or quiver slot can be applied
lit candle or potion of oil which burned out while equipped would leave stale
weapon/alternate-weapon/quiver pointer that could cause panic or crash
Platform- and/or Interface-Specific Fixes

View File

@@ -1,4 +1,4 @@
/* SCCS Id: @(#)timeout.c 3.5 2007/02/05 */
/* SCCS Id: @(#)timeout.c 3.5 2007/03/15 */
/* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
/* NetHack may be freely redistributed. See license for details. */
@@ -803,7 +803,8 @@ long timeout;
if (menorah) {
obj->spe = 0; /* no more candles */
} else if (Is_candle(obj) || obj->otyp == POT_OIL) {
/* get rid of candles and burning oil potions */
/* get rid of candles and burning oil potions;
we know this object isn't carried by hero */
obj_extract_self(obj);
obfree(obj, (struct obj *)0);
obj = (struct obj *) 0;
@@ -844,8 +845,12 @@ long timeout;
}
}
end_burn(obj, FALSE); /* turn off light source */
obj_extract_self(obj);
obfree(obj, (struct obj *)0);
if (carried(obj)) {
useupall(obj);
} else {
obj_extract_self(obj);
obfree(obj, (struct obj *)0);
}
obj = (struct obj *) 0;
break;
@@ -1016,8 +1021,12 @@ long timeout;
if (menorah) {
obj->spe = 0;
} else {
obj_extract_self(obj);
obfree(obj, (struct obj *)0);
if (carried(obj)) {
useupall(obj);
} else {
obj_extract_self(obj);
obfree(obj, (struct obj *)0);
}
obj = (struct obj *) 0;
}
break;