[Bug] Loading color values can overflow the allowed maximums
#1 Posted Jan 27, 2007, 2:42 pm (last edited Jan 28, 2007, 12:03 am by Samson)

Samson

Bug: Loading color values can overflow the allowed maximums
Danger: Medium - If MAX_COLORS is lower than the stored value on a pfile, the array will overflow and crash.
Found by: Remcon
Fixed by: Samson

---

save.c, fread_char

Locate:
            if( !str_cmp( word, "Colors" ) )
            {
               int x;

               for( x = 0; x < max_colors; x++ )
                  ch->colors[x] = fread_number( fp );
               fMatch = TRUE;
               break;
            }


Change to:
            if( !str_cmp( word, "Colors" ) )
            {
               int x;

               for( x = 0; x < max_colors; x++ )
                  ch->colors[x] = fread_number( fp );
               fread_to_eol( fp );
               fMatch = TRUE;
               break;
            }


Locate:
            KEY( "MaxColors", max_colors, fread_number( fp ) );


Change to:
            if( !str_cmp( word, "MaxColors" ) )
            {
               int temp = fread_number( fp );

               max_colors = UMIN( temp, MAX_COLORS );

               fMatch = TRUE;
               break;
            }


color.c, reset_colors

Locate:
         if( !str_cmp( word, "MaxColors" ) )
         {
            max_colors = fread_number( fp );
            continue;
         }
         if( !str_cmp( word, "Colors" ) )
         {
            for( x = 0; x < max_colors; ++x )
               ch->colors[x] = fread_number( fp );
            continue;
         }


Change to:
         if( !str_cmp( word, "MaxColors" ) )
         {
            int temp = fread_number( fp );
            max_colors = UMIN( temp, MAX_COLORS );
            continue;
         }
         if( !str_cmp( word, "Colors" ) )
         {
            int x;

            for( x = 0; x < max_colors; ++x )
               ch->colors[x] = fread_number( fp );
            fread_to_eol( fp );
            continue;
         }


color.c, do_color

Locate:
         if( !str_cmp( word, "MaxColors" ) )
         {
            max_colors = fread_number( fp );
            continue;
         }
         if( !str_cmp( word, "Colors" ) )
         {
            for( x = 0; x < max_colors; ++x )
               ch->colors[x] = fread_number( fp );
            continue;
         }


Change to:
         if( !str_cmp( word, "MaxColors" ) )
         {
            int temp = fread_number( fp );
            max_colors = UMIN( temp, MAX_COLORS );
            continue;
         }
         if( !str_cmp( word, "Colors" ) )
         {
            int x;

            for( x = 0; x < max_colors; ++x )
               ch->colors[x] = fread_number( fp );
            fread_to_eol( fp );
            continue;
         }


This is one of those quiet disasters waiting to happen. If you for some reason remove some custom color settings from the game after it has been running for a while, people will have saved pfiles with the old information. This information includes a value setting for what MAX_COLORS was at the time the person saved. This is a Bad Thing™ if this value goes above the new MAX_COLORS setting because it will cause the array to overflow. The likely result of this is a crash.
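To show why both halves of the fix are needed (the UMIN clamp so the loop cannot index past colors[], and fread_to_eol so the values the clamp left unread are not parsed as the next keyword), here is a stand-alone loader written for this post; it is not code from SWR FUSS or from Samson. It assumes a MAX_COLORS of 4 for the rebuilt server, reads the pfile block from an in-memory string instead of a FILE*, and uses read_number / load_colors as stand-ins for fread_number / fread_char.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COLORS 4  /* assumed: the rebuilt server's limit, smaller than the saved one */
#define UMIN(a, b) ((a) < (b) ? (a) : (b))

struct pc_colors {
    int max_colors;           /* count stored for this character, clamped on load */
    int colors[MAX_COLORS];   /* fixed-size array the pfile must never overrun */
};

/* Stand-in for fread_number( fp ): parse one integer and advance past it. */
static const char *read_number(const char *p, int *out)
{
    char *end;
    *out = (int)strtol(p, &end, 10);
    return end;
}

/* Load the MaxColors/Colors block from in-memory pfile text the way the fixed
 * fread_char does. Returns the number of keywords recognised (MaxColors, Colors, End). */
int load_colors(const char *text, struct pc_colors *ch)
{
    const char *p = text;
    char word[32];
    int n, x, recognised = 0;

    memset(ch, 0, sizeof *ch);
    while (sscanf(p, "%31s%n", word, &n) == 1) {
        p += n;
        if (!strcmp(word, "MaxColors")) {
            int temp;
            p = read_number(p, &temp);
            ch->max_colors = UMIN(temp, MAX_COLORS);  /* the fix: clamp before it indexes colors[] */
            recognised++;
        } else if (!strcmp(word, "Colors")) {
            for (x = 0; x < ch->max_colors; x++)      /* can no longer run past MAX_COLORS */
                p = read_number(p, &ch->colors[x]);
            recognised++;
        } else if (!strcmp(word, "End")) {
            return recognised + 1;
        }
        while (*p && *p != '\n') p++;   /* fread_to_eol: drop saved values beyond the clamp */
    }
    return recognised;
}
```

With a pfile saved under MaxColors 6, the loader keeps the first four values and still recognises the End keyword on the following line; without the skip to end of line the leftover "5 6" would be read as keywords.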