nethack-gwaa-kiwi/nethack
1
0
Fork 0
Code Pull Requests Activity
Files
4ede5f1cd4097479e24e2eb9a6cdc4ac0ac0491b
nethack/src
History
nhmall 4ede5f1cd4 Use-after-free with engulfer in xkilled #938 
If you were on a level teleporter, the spoteffects() call after
the hero gets expelled could end up going to a new level and
freeing all the monst chains from the level you were originally
engulfed on.

    #0 0xba0507 in free
    #1 0x87feda in dealloc_monst src/mon.c:2369
    #2 0x880a02 in dmonsfree src/mon.c:2194
    #3 0x9a7aa2 in savelev_core src/save.c:507
    #4 0x9a7a21 in savelev src/save.c:466
    #5 0x71eb9d in goto_level src/do.c:1483
    #6 0x71833f in deferred_goto src/do.c:1903
    #7 0xa2533f in level_tele src/teleport.c:1117
    #8 0xa2567b in level_tele_trap src/teleport.c:1198
    #9 0xa5c007 in trapeffect_level_telep src/trap.c:1861
    #10 0xa5f856 in trapeffect_selector src/trap.c:2497
    #11 0xa47497 in dotrap src/trap.c:2586
    #12 0x7d669b in spoteffects src/hack.c:2859
    #13 0x89d495 in xkilled src/mon.c:3187

The latter parts of xkilled() after the spoteffects() call would
then attempt to dereference the free'd monst pointer.

Save a copy of the monst struct prior to spoteffects() if you were
expelled, then point at the reference copy afterwards.

Resolves #938
2022-12-01 03:48:11 -05:00
..
.gitattributes
take 2 on src/.gitattributes
2022-02-04 09:41:30 -05:00
.gitignore
remove references to old Qt 'moc' timestamp files
2022-02-25 10:39:45 -08:00
allmain.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
alloc.c
remove the code to silence lint
2022-11-19 00:49:11 -08:00
apply.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
artifact.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
attrib.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
ball.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
bones.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
botl.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
cmd.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
date.c
some tabs to spaces
2022-10-26 14:21:23 -04:00
dbridge.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
decl.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
detect.c
Fix autodescribe after reading a cursed scroll of gold detection
2022-11-30 17:34:00 -08:00
dig.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
display.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
dlb.c
some C99 changes
2022-10-29 10:54:25 -04:00
do_name.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
do_wear.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
do.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
dog.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
dogmove.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
dokick.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
dothrow.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
drawing.c
return legal indexes for some display.h macros
2022-09-06 10:00:07 -04:00
dungeon.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
eat.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
end.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
engrave.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
exper.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
explode.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
extralev.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
files.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
fountain.c
Fix: use-after-free when fountain dipping
2022-11-30 12:54:26 -08:00
hack.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
hacklib.c
some coordxy and other conversion warnings
2022-11-23 17:49:55 -05:00
insight.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
invent.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
isaac64.c
remove unused math.h in isaac64.c
2022-09-19 17:32:42 -04:00
light.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
lock.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mail.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
makemon.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mcastu.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mdlib.c
some coordxy and other conversion warnings
2022-11-23 17:49:55 -05:00
mhitm.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mhitu.c
Fix: potential use-after-free in expels()
2022-11-30 14:54:05 -08:00
minion.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mklev.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mkmap.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mkmaze.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mkobj.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mkroom.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mon.c
Use-after-free with engulfer in xkilled #938
2022-12-01 03:48:11 -05:00
mondata.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
monmove.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
monst.c
ENHANCED_SYMBOLS
2022-05-07 10:25:13 -04:00
mplayer.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
mthrowu.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
muse.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
music.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
nhlobj.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
nhlsel.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
nhlua.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
o_init.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
objects.c
forward declarations for struct monst, struct obj
2022-09-13 10:27:53 -07:00
objnam.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
options.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
pager.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
pickup.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
pline.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
polyself.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
potion.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
pray.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
priest.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
quest.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
questpgr.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
read.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
rect.c
Some selection optimizations
2022-08-26 12:43:40 +03:00
region.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
restore.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
rip.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
rnd.c
remove the code to silence lint
2022-11-19 00:49:11 -08:00
role.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
rumors.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
save.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
sfstruct.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
shk.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
shknam.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
sit.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
sounds.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
sp_lev.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
spell.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
steal.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
steed.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
symbols.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
sys.c
control of command-line usage entry in '?' menu
2022-11-18 17:54:17 -08:00
teleport.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
timeout.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
topten.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
track.c
switch source tree from k&r to c99
2021-01-26 21:06:16 -05:00
trap.c
more #936 - water vs potions of acid
2022-11-30 14:49:11 -08:00
u_init.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
uhitm.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
utf8map.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
vault.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
version.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
vision.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
weapon.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
were.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
wield.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
windows.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
wizard.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
worm.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
worn.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
write.c
split g into multiple structures
2022-11-29 21:53:21 -05:00
zap.c
split g into multiple structures
2022-11-29 21:53:21 -05:00