From 6578cd2cba8e7f9cb4b8dd99b4670aaeccb337a7 Mon Sep 17 00:00:00 2001 From: Christian Heller <c.heller@plomlompom.de> Date: Wed, 16 Apr 2014 16:08:46 +0200 Subject: [PATCH] Client: Fix crashes happening on navigation in too large inventory (string). --- TODO | 4 ++-- confserver/world | 2 +- src/client/control.c | 7 +++++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/TODO b/TODO index 9226ff0..5438e49 100644 --- a/TODO +++ b/TODO @@ -9,6 +9,8 @@ BOTH SERVER/CLIENT: - be more strict and humble when allocating memory from the stack +- handle crashes on OS X: <https://github.com/plomlompom/plomrogue/issues/1> + SERVER: - implement field of view / line of sight and obstacles for those on the map @@ -23,5 +25,3 @@ CLIENT: - enable toggling of window borders - make log scrollable - -- nav_inventory() expects too short inventory string length for i diff --git a/confserver/world b/confserver/world index 724d012..f773be2 100644 --- a/confserver/world +++ b/confserver/world @@ -27,7 +27,7 @@ EFFORT 45 OBJECT 0 NAME HUMAN SYMBOL @ -LIFEPOINTS 5 +LIFEPOINTS 255 CORPSE_ID 5 CONSUMABLE 0 START_NUMBER 1 diff --git a/src/client/control.c b/src/client/control.c index 1961334..d5d8d9e 100644 --- a/src/client/control.c +++ b/src/client/control.c @@ -1,9 +1,10 @@ /* src/client/control.c */ #include "control.h" -#include <stdint.h> /* uint8_t, uint16_t */ +#include <stdint.h> /* uint8_t, uint16_t, uint32_t, UINT32_MAX */ #include <stdio.h> /* sprintf() */ #include <string.h> /* strlen() */ +#include "../common/rexit.h" /* exit_err() */ #include "interface_conf.h" /* reload_interface_conf(), save_interface_conf() */ #include "io.h" /* send() */ #include "keybindings.h" /* get_command_to_keycode(), get_keycode_to_command(), @@ -54,7 +55,9 @@ static void nav_inventory(char dir) return; } uint8_t n_elems = 0; - uint8_t i; + uint32_t i; + char * err = "Inventory string is too large."; + exit_err(UINT32_MAX <= strlen(world.player_inventory), err); for (i = 0; '\0' != world.player_inventory[i]; i++) { n_elems = n_elems + ('\n' == world.player_inventory[i]); -- 2.30.2