phase_of_moon and friday_13th determined using rn2() instead of local
time if fuzzing. Don't reseed using init_random() if fuzzing. Allow
set_random to be called outside of hacklib. rn2_on_display_rng uses
rn2 if fuzzing so that we have a single source of random that we can
ensure is reproducible. Implement rul() that returns a random unsigned
long. Fix bug in fuzzer handling of ntposkey which would cause us to use
unitialized values for x and y. Added command line arguments to allow
auto starting and stopping of fuzzer. Add a logging facility for the
fuzzer to use to record activity. Added some scripts used to automate
fuzzer testing on windows.
This is branched from Alex's hallu-rng-stability branch,
with two build corrections (detect.c, zap.c), and merged
with the isaac64 branch that we have ready to go.
Alex's dual rng is supported by setting up the array
of multiple isaac64 contexts.
I stuck with Alex's approach of passing the rng function
name around as the parameter (rng or rn2_on_display_rng)
for the new additional parameter needed for
set_random(), init_random(), reseed_random(),
and init_isaac64().
move some system-specific seed-related stuff from hacklib.c to
a system-specific source file and #define SYS_RANDOM_SEED to
utilize it during build.
Windows changes for random seed generation using
crypto next gen (CNG) api routines.
Corresponding vms changes due to disentangling of VMS and
unix when the unix seed bits got moved (untested).
For platforms that read from the system's random number generator,
reseed during level change, before the map of a new level is created and
after level creation has finished.
Linux and BSD system have random number source devices that can be used
as source for a unguessable seed source.
Other platforms fall back to generate the seed with gettime().
I can't find the original message at the moment, but one of the things
that an analyzer complained about was the *s='\0' possibly assigning
to a Null pointer. The superfluous test of 's' in the while condition
has fooled it into thinking that's possible when it's not.
if (s) {
while (s && ...) {
*s++ = ...
}
*s = '\0';
}
The expression '*cp-- = cp[-count]' is not valid C. There's no sequence
point between the two references to 'cp', and the decrement side-effect
could occur before or after cp[-count] is resolved.
The functions were also using ANSI-style argument definitions. The rest
is just reformatting.
It seems to me that the strbuf structure ought to have an allocation
size field in addition to the current length field. Otherwise a string
which gets shortened will forget about the extra length available for
later expansion, potentially resulting in unnecessary reallocation.
Defined strbuf_t and related routines to support dynamically sized
strings. Modified strip_newline() to strip the last newline in a string
instead of the first.
Simplified splash window code using new strbuf_t.
Prior to exiting game, re-enable getreturn and call wait_synch() in
case there is buffered raw prints that must be displayed to user.
This adds new utility routine strNsubst(), a more versatile version
of the existing strsubst(), that can replace the Nth occurrence of
a substring rather than just the first, and replaces all occurrences
if N is 0.
When working on vampire shape-shifting messages a few days ago I
noticed that a constructed pline/sprintf format was vulnerable to
the player giving the vampire a name with '%' in it and included
a fix for that. This fixes two other instances of the same
vulnerability: a monster with reflection triggering a floating
eye's gaze and the hero using a silver weapon against a silver-
hating monster.
I didn't do a lot of experimenting with the failure, just assigned
the name "foo%s" to the floating eye or the weapon. The resulting
feedback for the relevant messages was garbled due to parameters
being substituted in the wrong place. When that caused there to be
too few arguments to satisfy the format, the final message included
"null" for the missing one rather than triggering a crash while
trying to format something arbitrary from the stack.
I don't think these bugs provided sufficient user control to be
vulnerable to stack manipulation that does something naughty.
I found the dynamic format strings by searching for "%%". There
may be others scattered around the code which don't have that as
an indicator....
This is a modified version of Jason Dorje Short's key rebinding
patch, and allows also binding special keys, such as the ones
used in getloc and getpos.
One of the ways to play NetHack on nethack.alt.org is via a HTML
terminal in browser. Unfortunately this means several ctrl-key
combinations cannot be entered, because the browser intercepts
those. Similar thing applies to some international keyboard layouts
on Windows. With this patch, the user can just rebind the command
to a key that works best for them.
I've tested this on Linux TTY, X11, and Windows TTY and GUI.
The bug report assumed "you mime throwwing something" feedback
from 't-' was a typo, but 'throwwing' gets generated from 'throw'.
Change ing_suffix() not to double final 'w'. Presumeably 'w' and 'y'
are exceptions because they're sometimes used as vowels.
Change 'strrchr()' to 'rindex()' like the rest of nethack. Someday
those will need to be switched the other way around.
Add some missing bounds checking, although since ing_suffix() isn't
used for user-supplied strings, that's probably superfluous.
In light of the recent 'bad options' feedback issue where \r messed
up message display, try to to make newline handling be more consistent.
I'm sure there are lots of places that still handle \n manually, but
it's a start.
60: getpos() doesn't report the offending keystroke accurately when
rejecting M-something as a movement keystroke while moving the cursor;
61: typing M-N as a command keystroke produces
|Unknown command 'M-
| '.
where the '.' on the second line clobbers the top line of the map.
I can't reproduce the first one without extending the altmeta hack
[a run-time option to treat two char sequence ESC c as M-c] to getpos()
and nh_poskey(), which I've done for testing but am not including here.
I can't reproduce the second as it's described, but M-^J produces
|Unknown command 'M-
|'.--More--
and this fixes that, with a general fix that applies to any meta char.
The diffs include some cleanup/groundwork for maybe extending altmeta.
Move this small utility routine to hacklib.c where other such things
live and where it's feasible to find them if you need the functionality
elsewhere.
hacklib.c took a beating in the reformatting, so clean it up.
A tweak to the anti-predictability hack in setrandom() is the only
change in the actual code.
I'll push a formatting guide at some point. There may still be
outstanding changes, but please feel free to resolve those as you arrive
a them.
To the best of my knowledge, there is no changes to the actual code
content, but the formatter does have the occasional bug. If you run into
an issue, please fix it!
Replace most uses of isspace() with a simple test for ' ' after
processing the string buffer with mungspaces (which replaces tab
with space, converts instances of consecutive whitespace into a
single space, and removes leading and trailing spaces). The uses
where this wasn't done now cast their argument to (uchar) so that
platforms with signed chars will never pass negative values to it.
I didn't mess with the menu coloring code (except for casts to the
isspace() argument); it almost certainly could benefit from using
mungspaces. I did mess with the symset processing quite a bit,
and hope I haven't accidentally broken anything. Default symbols
and DECgraphics symbols still parse and display ok, so the rest of
dat/symbols should be ok too. I didn't test symbols in the user's
config file because I don't remember how that's supposed to work.
A recent fault on mingw32 revealed that faulty
code which passes a bad or out-of-range date
value could have game-fatal consequences.
Add some protection.
Add pmatchi() to perform case-insensitive wildcard matching, and
pmatchz() which is also case-insensitive and ignores spaces, dashes,
and underscores like the type of matching done during wish parsing.
At the moment, neither is being used, although DEBUGFILES handling
uses pmatch and needs to be taught to distinguish between case-
sensitive and case-insensitive filenames so will eventually use
pmatchi when appropriate.
This is originally Derek's change from Spork, but sniping it
so we can mark this done for now, and can move on with the
nextversion.
Better solution is to use something like the ISAAC PRNG, which
cannot be predicted.
This reverts commit 7f0f43e6f9 and some related
subsequent commits.
This compiles, but I have not done extensive testing.
Conflicts:
include/config.h
include/decl.h
include/extern.h
include/global.h
include/tradstdc.h
include/wintty.h
src/drawing.c
src/files.c
src/hacklib.c
src/mapglyph.c
src/options.c
sys/winnt/nttty.c
win/tty/getline.c
win/tty/topl.c
win/tty/wintty.c
This reverts commit 7f0f43e6f9 and some related
subsequent commits.
This compiles, but I have not done extensive testing.
Conflicts:
include/config.h
include/decl.h
include/extern.h
include/global.h
include/tradstdc.h
include/wintty.h
src/drawing.c
src/files.c
src/hacklib.c
src/mapglyph.c
src/options.c
sys/winnt/nttty.c
win/tty/getline.c
win/tty/topl.c
win/tty/wintty.c
