> if (strlen(simpleoname) > BUFSZ - sizeof "the ")
> simpleoname[sizeof "the "] = '\0';
The second line should have been
| simpleoname[strlen(simpleoname) - sizeof "the "] = '\0';
but fixing that isn't adequate. The BUFSZ limit is not valid when
dealing with object names since xname() leaves room for a prefix so
doesn't return the start of a BUFSZ-sized buffer.
Strangely enough, the complaint that caused me to add those two lines
isn't being triggered any more. Some other change at the same time,
perhaps splitting
Strcpy(simpleoname, obufp = the(simpleoname));
into
obufp = the(simpleoname);
Strcpy(simpleoname, obufp);
pacified the analyzer. However, it didn't resolve the valid complaint
that inserting "the " might result in overflow.
I've added a comment about simpleonames(), ansimpleoname(), and
thesimpleoname() about the possible overflow, but I don't think that
such overflow can actually happen when user-applied object name is
being suppressed.
I got confused and thought that this one (actually pair) was more
complicated than it actually is. have_mixed_leadin is used in an
ordinary way, but resetting it to false happens in spots where it
can't be used again. The analyzer complains that the assignments
don't do anything useful.
When testing the analyzer lint fixes for pager.c, I noticed that //
wasn't finding the data.base entry for stairs when examining the up
stairs on level 1. It is labelled "branch stairs up" which doesn't
match "stair*".
This construct triggered several complaints about passing Null to
Strcpy(simpleoname, obufp = the(simpleoname));
Changing that to
obufp = the(simpleoname);
Strcpy(simpleoname, obufp);
prevents it, but the original complaint is bogus and the "fix"
doesn't do anything to deal with Null arguments.
A couple of other changes introduce different code in order to get
different behavior. I updated from llvm-16 to llvm-19 but didn't
eliminate any of the spurious complaints.
Clear "next" boulder so that when pushing a pile of boulders, only
the first message for each of the 2nd, 3rd, &c will be formatted as
"next boulder". If any of them trigger additional messages, those
messages will use normal "boulder".
Commit 1acc2727 helped ensure that the which_armor(mtmp, W_SADDLE)
test at the top of put_saddle_on_mon() wouldn't lead to an obj
leak.
This commit covers off the adjacent can_saddle() test in
put_saddle_on_mon(), because if that failed, it could also lead
to a memory leak of the saddle obj passed by the caller.
- have put_saddle_on_mon() create and use its own saddle obj
if a NULL saddle obj is passed, instead of having to do that
in the caller.
- where an existing saddle obj needs to be passed from the caller,
ensure that the caller has done its own can_saddle(mon) check prior
to calling put_saddle_on_mon(), so that the can_saddle() test
in put_saddle_on_mon() won't fail.
- lastly, add an impossible() to put_saddle_on_mon() to catch
a failure when a saddle obj is passed from the caller and either
test has failed, just in case. That should not happen with any of
the existing cases now, but it will provide some bullet-proofing
for new code, new callers.
makemon() has a 1% chance to bestow a worn saddle when creating any
rideable monster. If that chance kicked in on a knight's starting
pony, an extra saddle would end up being created but not worn nor
in inventory nor on floor so not be freed when the game ended.
That 1% chance also overrode saddle suppression for pauper knights.
There wouldn't be any extra saddle but their pony could start with
one, against intent.
Have makedog() (which is only used for starting pet) tell makemon()
to suppress inventory when creating the initial pet.
Overzealous change yesterday. For use_defensive(), the unicorn
horn case already has guards for Null item and the added one
issues bogus panic() when a unicorn or ki-rin uses its own horn.
In file included from ../include/config.h:723:0,
from ../include/hack.h:10,
from files.c:8:
../include/global.h:519:24: error: expected ')' before '<=' token
#define unctrl(c) ((c) <= C('z') ? (0x60 | (c)) : (c))
^
../lib/pdcursesmod/curses.h:1686:16: note: in expansion of macro 'unctrl'
PDCEX char *unctrl(chtype);
^~~~~~
Define a macro NH_C to provide a shorter & simpler way to test for
which C standard the build is being carried out under (c99 or c23).
NH_C > 202300L Being compiled under C23 or greater
NH_C > 199900L Being compiled under C99 or greater
NH_C > 198900L Being compiled under C89 or greater,
or C std could not be determined.
While NetHack only requires c99, we've been taking advantage
of some c23 features (attributes), if they are available,
to allow the use of ATTRNORETURN/NORETURN and FALLTHROUGH on
compilers other than gcc.
Also add some comment documentation to tradstdc.h about NetHack's
use of c99.
The sys/unix/Makefile.top change overcomes a warning in the
Makefile-generated nhlua.h. That warning arises under some compilers
that rely on attribute [[noreturn]] ahead of a declaration
(NetHack macro ATTRNORETURN), rather than the trailing gcc
__attribute((noreturn)) (NetHack macro NORETURN). The sed command
is modified to include ATTRNORETURN at the start of the declaration
in addition to the NORETURN at the end of the declaration, in the
generated file. That's the same combination that's used for the
declaration of other functions that don't return.
I'm not really sure about this one. insert_branch(branch,) is
specified as not accepting a Null pointer and doesn't have any
defense against it, but the know level setup seems to allow a null
pointer through. I'm not sure whether this is the right fix.
If one or more boulders were next to lava and hero broke a wand of digging
next to that location, the boulder(s) stayed over the lava causing a sanity
checking error.
The missing break meant that executation fell through to the default
case and reset xlocale and ylocale to 0. The comment states that
this is for the fuzzer; I have no idea whether this fix matters to it.
Verifying that strlen(string) isn't too long, then allocating and
copying strlen(string)+1 draws a complaint about strcpy() overflowing
its output buffer.
Not an issue for regular play, but could matter for config file and
sysconf manipulation.
Picked arbitrarily; there weren't any unresolved analyzer complaints
for trap.c. I wonder why the onefile analysis isn't complaining here.
'in_sight' may have been relevant before the trapeffect_xyz() code
was split apart, but it isn't useful for trapeffect_hole() despite
the comment about it.
release_holding_trap() is fairly convoluted and the complaints being
addressed here were relevant.
