Indent all labels one space. Having uniform placement makes spotting
them much easier. (Having no indent at all would impact the change
bars of 'git diff'. Those display the last unindented line--which
doesn't start with punctuation--occuring before each band of changes,
so usually the name of the function being changed now that we no
longer have unindented K&R-style function argument declarations.)
While in there, shorten or split various wide lines and replace a few
tabs with spaces.
Some warnings were mentioned
Add a prototype ahead of the function
Use a non-const copy of SERVER_ADMIN_MSG
quick-tested by:
- uncommenting the following in include/unixconf.h
/* #define SERVER_ADMIN_MSG "adminmsg" */
- building NetHack
- creating a test message:
echo "server_admin: system is going down at 2 pm" >~/nh/install/games/lib/nethackdir/adminmsg
- playtested and received the desired message
Whitelist all the verified existing triggers:
makedefs.c: In function ‘name_file’
attrib.c: one compiler balks at a ? b : c for fmtstring
cmd.c: In function ‘extcmd_via_menu’
cmd.c: In function ‘wiz_levltyp_legend’
do.c: In function ‘goto_level’
do_name.c: In function ‘coord_desc’
dungeon.c: In function ‘overview_stats’
eat.c: one compiler balks at a ? b : c for fmtstring
end.c: one compiler balks at a ? b : c for fmtstring
engrave.c: In function ‘engr_stats’
hack:c one compiler balks at a ? b : c for fmtstring
hacklib.c: one compiler balks at a ? b : c for fmtstring
insight.c: one compiler balks at a ? b : c for fmtstring
invent.c: In function ‘let_to_name’
light.c: In function ‘light_stats’
mhitm.c: In function ‘missmm’
options.c: In function ‘handler_symset’
options.c: In function ‘basic_menu_colors’
options.c: In function ‘optfn_o_autopickup_exceptions’
options.c: In function ‘optfn_o_menu_colors’
options.c: In function ‘optfn_o_message_types’
options.c: In function ‘optfn_o_status_cond’
options.c: In function ‘optfn_o_status_hilites’
options.c: In function ‘doset’
options.c: In function ‘doset_add_menu’
options.c: In function ‘show_menu_controls’
options.c: In function ‘handle_add_list_remove’
pager.c: In function ‘do_supplemental_info’
pager.c: In function ‘dohelp’
region.c: In function ‘region_stats’
rumors.c: sscanf usage
sounds.c: In function ‘domonnoise’
spell.c: In function ‘dospellmenu’
timeout.c: In function ‘timer_stats’
topten.c: In function ‘outentry’, fscanf, sscanf, fprintf usage
windows.c: In function ‘genl_status_update’
zap.c: one compiler balks at a ? b : c for fmtstring
win/curses/cursstat.c: In function ‘curses_status_update’
win/tty/wintty.c: In function ‘tty_status_update’
win/win32/mswproc.c: In function ‘mswin_status_update’
clear some -Wformat-overflow warnings being experienced with
i586-pc-msdosdjgpp-gcc (GCC) 10.2.0 cross-compiler
--
Warnings log:
botl.c: In function 'status_hilite_menu_add':
botl.c:3661:38: warning: ' or ' directive writing 4 bytes into a region of size between 1 and 80 [-Wformat-overflow=]
3661 | Sprintf(obuf, "%s or %s",
| ^~~~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from botl.c:6:
../include/global.h:274:24: note: 'sprintf' output between 5 and 163 bytes into a destination of size 80
274 | #define Sprintf (void) sprintf
botl.c:3661:21: note: in expansion of macro 'Sprintf'
3661 | Sprintf(obuf, "%s or %s",
| ^~~~~~~
do_name.c: In function 'getpos_menu':
do_name.c:594:37: warning: 'sprintf' may write a terminating nul past the end of the destination [-Wformat-overflow=]
594 | Sprintf(fullbuf, "%s%s%s", firstmatch,
| ^
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from do_name.c:6:
../include/global.h:274:24: note: 'sprintf' output 1 or more bytes (assuming 257) into a destination of size 256
274 | #define Sprintf (void) sprintf
do_name.c:594:13: note: in expansion of macro 'Sprintf'
594 | Sprintf(fullbuf, "%s%s%s", firstmatch,
| ^~~~~~~
dungeon.c: In function 'print_dungeon':
dungeon.c:2172:27: warning: '%s' directive writing up to 1407 bytes into a region of size 256 [-Wformat-overflow=]
2172 | Sprintf(buf, "%s: %s %d", dptr->dname, descr, dptr->depth_start);
| ^~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from dungeon.c:6:
../include/global.h:274:24: note: 'sprintf' output between 10 and 1427 bytes into a destination of size 256
274 | #define Sprintf (void) sprintf
dungeon.c:2172:13: note: in expansion of macro 'Sprintf'
2172 | Sprintf(buf, "%s: %s %d", dptr->dname, descr, dptr->depth_start);
| ^~~~~~~
dungeon.c:2169:27: warning: '%s' directive writing up to 1407 bytes into a region of size 256 [-Wformat-overflow=]
2169 | Sprintf(buf, "%s: %s %d to %d", dptr->dname, makeplural(descr),
| ^~
dungeon.c:2169:26: note: directive argument in the range [-2147483647, 2147483646]
2169 | Sprintf(buf, "%s: %s %d to %d", dptr->dname, makeplural(descr),
| ^~~~~~~~~~~~~~~~~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from dungeon.c:6:
../include/global.h:274:24: note: 'sprintf' output 10 or more bytes (assuming 1427) into a destination of size 256
274 | #define Sprintf (void) sprintf
dungeon.c:2169:13: note: in expansion of macro 'Sprintf'
2169 | Sprintf(buf, "%s: %s %d to %d", dptr->dname, makeplural(descr),
| ^~~~~~~
dungeon.c: In function 'print_mapseen':
dungeon.c:3185:33: warning: '%s' directive writing up to 255 bytes into a region of size 249 [-Wformat-overflow=]
3185 | Sprintf(outbuf, " (play %s to open or close drawbridge)", tmp);
| ^~ ~~~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from dungeon.c:6:
../include/global.h:274:24: note: 'sprintf' output between 37 and 292 bytes into a destination of size 256
274 | #define Sprintf (void) sprintf
dungeon.c:3185:9: note: in expansion of macro 'Sprintf'
3185 | Sprintf(outbuf, " (play %s to open or close drawbridge)", tmp);
| ^~~~~~~
dungeon.c:3350:35: warning: '%s' directive writing up to 255 bytes into a region of size 240 [-Wformat-overflow=]
3350 | Sprintf(buf, "%sThe castle%s.", PREFIX, tunesuffix(mptr, tmpbuf));
| ^~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from dungeon.c:6:
../include/global.h:274:24: note: 'sprintf' output between 18 and 273 bytes into a destination of size 256
274 | #define Sprintf (void) sprintf
dungeon.c:3350:9: note: in expansion of macro 'Sprintf'
3350 | Sprintf(buf, "%sThe castle%s.", PREFIX, tunesuffix(mptr, tmpbuf));
| ^~~~~~~
explode.c:541:69: warning: '%s' directive writing up to 255 bytes into a region of size 236 [-Wformat-overflow=]
541 | Sprintf(g.killer.name, "caught %sself in %s own %s", uhim(),
| ^~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from explode.c:5:
../include/global.h:274:24: note: 'sprintf' output 21 or more bytes (assuming 276) into a destination of size 256
274 | #define Sprintf (void) sprintf
explode.c:541:21: note: in expansion of macro 'Sprintf'
541 | Sprintf(g.killer.name, "caught %sself in %s own %s", uhim(),
| ^~~~~~~
hacklib.c: In function 'yyyymmddhhmmss':
hacklib.c:1034:28: warning: '%02d' directive writing between 2 and 11 bytes into a region of size between 4 and 11 [-Wformat-overflow=]
1034 | Sprintf(datestr, "%04ld%02d%02d%02d%02d%02d", datenum, lt->tm_mon + 1,
| ^~~~
hacklib.c:1034:22: note: directive argument in the range [-2147483647, 2147483647]
1034 | Sprintf(datestr, "%04ld%02d%02d%02d%02d%02d", datenum, lt->tm_mon + 1,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../include/config.h:631,
from ../include/hack.h:10,
from hacklib.c:7:
../include/global.h:274:24: note: 'sprintf' output between 15 and 67 bytes into a destination of size 15
274 | #define Sprintf (void) sprintf
hacklib.c:1034:5: note: in expansion of macro 'Sprintf'
1034 | Sprintf(datestr, "%04ld%02d%02d%02d%02d%02d", datenum, lt->tm_mon + 1,
| ^~~~~~~
Use a wrapper around snprintf to consilidate all use, add
error checking, and remove gcc 9 warnings about not checking
the result.
Replace the prevous use of snprintf added to weapon.c with the
new scheme.
Update a second spot that has a gcc sprintf warning. While
there, simplify the code.
Unicorn horns are just too good. Nerf it in similar way several
other variants have done: don't let it restore attribute loss.
This makes potion of restore ability more valuable, and the
int loss from the (nerfed) mind flayers matter more.
When a special level is created, there's a chance it gets flipped
horizontally and/or vertically.
Add new level flags "noflip", "noflipx", and "noflipy" to prevent
flipping the level. Add a wiz-mode command #wizlevelflip to test
the flipping on current level - although this doesn't flip everything,
as level flipping is meant to happen during level creation.
Game is playable, and should compile on linux and Windows.
Assumes you have a lua 5.3 library available.
Removes level compiler and associated files.
Replaces special level des-files with lua scripts.
Exposes some NetHack internals to lua:
- des-table with commands to create special levels
- nh-table with NetHack core commands
- nhc-table with some constants
- u-table with some player-specific data (u-struct)
- selection userdata
Adds some rudimentary tests.
Adds new extended command #wizloadlua to run a specific script,
and #wizloaddes to run a specific level-creation script.
nhlib.lua is loaded for every lua script.
Download and untar lua:
mkdir lib
cd lib
curl -R -O http://www.lua.org/ftp/lua-5.3.5.tar.gz
tar zxf lua-5.3.5.tar.gz
Then make nethack normally.
phase_of_moon and friday_13th determined using rn2() instead of local
time if fuzzing. Don't reseed using init_random() if fuzzing. Allow
set_random to be called outside of hacklib. rn2_on_display_rng uses
rn2 if fuzzing so that we have a single source of random that we can
ensure is reproducible. Implement rul() that returns a random unsigned
long. Fix bug in fuzzer handling of ntposkey which would cause us to use
unitialized values for x and y. Added command line arguments to allow
auto starting and stopping of fuzzer. Add a logging facility for the
fuzzer to use to record activity. Added some scripts used to automate
fuzzer testing on windows.
This is branched from Alex's hallu-rng-stability branch,
with two build corrections (detect.c, zap.c), and merged
with the isaac64 branch that we have ready to go.
Alex's dual rng is supported by setting up the array
of multiple isaac64 contexts.
I stuck with Alex's approach of passing the rng function
name around as the parameter (rng or rn2_on_display_rng)
for the new additional parameter needed for
set_random(), init_random(), reseed_random(),
and init_isaac64().
move some system-specific seed-related stuff from hacklib.c to
a system-specific source file and #define SYS_RANDOM_SEED to
utilize it during build.
Windows changes for random seed generation using
crypto next gen (CNG) api routines.
Corresponding vms changes due to disentangling of VMS and
unix when the unix seed bits got moved (untested).
For platforms that read from the system's random number generator,
reseed during level change, before the map of a new level is created and
after level creation has finished.
Linux and BSD system have random number source devices that can be used
as source for a unguessable seed source.
Other platforms fall back to generate the seed with gettime().
I can't find the original message at the moment, but one of the things
that an analyzer complained about was the *s='\0' possibly assigning
to a Null pointer. The superfluous test of 's' in the while condition
has fooled it into thinking that's possible when it's not.
if (s) {
while (s && ...) {
*s++ = ...
}
*s = '\0';
}
The expression '*cp-- = cp[-count]' is not valid C. There's no sequence
point between the two references to 'cp', and the decrement side-effect
could occur before or after cp[-count] is resolved.
The functions were also using ANSI-style argument definitions. The rest
is just reformatting.
It seems to me that the strbuf structure ought to have an allocation
size field in addition to the current length field. Otherwise a string
which gets shortened will forget about the extra length available for
later expansion, potentially resulting in unnecessary reallocation.
Defined strbuf_t and related routines to support dynamically sized
strings. Modified strip_newline() to strip the last newline in a string
instead of the first.
Simplified splash window code using new strbuf_t.
Prior to exiting game, re-enable getreturn and call wait_synch() in
case there is buffered raw prints that must be displayed to user.
This adds new utility routine strNsubst(), a more versatile version
of the existing strsubst(), that can replace the Nth occurrence of
a substring rather than just the first, and replaces all occurrences
if N is 0.
When working on vampire shape-shifting messages a few days ago I
noticed that a constructed pline/sprintf format was vulnerable to
the player giving the vampire a name with '%' in it and included
a fix for that. This fixes two other instances of the same
vulnerability: a monster with reflection triggering a floating
eye's gaze and the hero using a silver weapon against a silver-
hating monster.
I didn't do a lot of experimenting with the failure, just assigned
the name "foo%s" to the floating eye or the weapon. The resulting
feedback for the relevant messages was garbled due to parameters
being substituted in the wrong place. When that caused there to be
too few arguments to satisfy the format, the final message included
"null" for the missing one rather than triggering a crash while
trying to format something arbitrary from the stack.
I don't think these bugs provided sufficient user control to be
vulnerable to stack manipulation that does something naughty.
I found the dynamic format strings by searching for "%%". There
may be others scattered around the code which don't have that as
an indicator....
This is a modified version of Jason Dorje Short's key rebinding
patch, and allows also binding special keys, such as the ones
used in getloc and getpos.
One of the ways to play NetHack on nethack.alt.org is via a HTML
terminal in browser. Unfortunately this means several ctrl-key
combinations cannot be entered, because the browser intercepts
those. Similar thing applies to some international keyboard layouts
on Windows. With this patch, the user can just rebind the command
to a key that works best for them.
I've tested this on Linux TTY, X11, and Windows TTY and GUI.
The bug report assumed "you mime throwwing something" feedback
from 't-' was a typo, but 'throwwing' gets generated from 'throw'.
Change ing_suffix() not to double final 'w'. Presumeably 'w' and 'y'
are exceptions because they're sometimes used as vowels.
Change 'strrchr()' to 'rindex()' like the rest of nethack. Someday
those will need to be switched the other way around.
Add some missing bounds checking, although since ing_suffix() isn't
used for user-supplied strings, that's probably superfluous.
