author | Bardur Arantsson <bardur@scientician.net> | 2013-09-08 11:49:32 +0200 |
---|---|---|
committer | Bardur Arantsson <bardur@scientician.net> | 2013-09-27 14:46:43 +0200 |
commit | 88767d9fd11638b90e16da05426b19da9ef2b9b9 (patch) | |
tree | 185a93139f9b119bbdebd840cda377d1550c93a8 | |
parent | 7e88e06c6ea90c48c225ac89a7d7685dfa76cd65 (diff) |
Fix an overflow with allocation values
-rw-r--r-- | src/defines.h | 5 | ||||
-rw-r--r-- | src/init1.cc | 9 | ||||
-rw-r--r-- | src/init2.cc | 4 | ||||
-rw-r--r-- | src/types.h | 4 | ||||
-rw-r--r-- | src/variable.cc | 2 |
5 files changed, 18 insertions, 6 deletions
diff --git a/src/defines.h b/src/defines.h index 2c2d388d..36dca2d6 100644 --- a/src/defines.h +++ b/src/defines.h @@ -351,6 +351,11 @@ #define NASTY_MON 50 /* 1/chance of inflated monster level */ +/* + * Size of allocation table for objects + */ +#define ALLOCATION_MAX 8 + /* * Refueling constants diff --git a/src/init1.cc b/src/init1.cc index 076ca70e..646e8083 100644 --- a/src/init1.cc +++ b/src/init1.cc @@ -4393,6 +4393,11 @@ errr init_k_info_txt(FILE *fp, char *buf) /* XXX XXX XXX Simply read each number following a colon */ for (i = 0, s = buf + 1; s && (s[0] == ':') && s[1]; ++i) { + if (i >= ALLOCATION_MAX) { + msg_print("Too many allocation entries."); + return 1; + } + /* Default chance */ k_ptr->chance[i] = 1; @@ -4409,7 +4414,9 @@ errr init_k_info_txt(FILE *fp, char *buf) if (t && (!s || t < s)) { int chance = atoi(t + 1); - if (chance > 0) k_ptr->chance[i] = chance; + if (chance > 0) { + k_ptr->chance[i] = chance; + } } } diff --git a/src/init2.cc b/src/init2.cc index 4fb97a7e..1255699b 100644 --- a/src/init2.cc +++ b/src/init2.cc @@ -1910,7 +1910,7 @@ static errr init_alloc(void) k_ptr = &k_info[i]; /* Scan allocation pairs */ - for (j = 0; j < 4; j++) + for (j = 0; j < ALLOCATION_MAX; j++) { /* Count the "legal" entries */ if (k_ptr->chance[j]) @@ -1949,7 +1949,7 @@ static errr init_alloc(void) k_ptr = &k_info[i]; /* Scan allocation pairs */ - for (j = 0; j < 4; j++) + for (j = 0; j < ALLOCATION_MAX; j++) { /* Count the "legal" entries */ if (k_ptr->chance[j]) diff --git a/src/types.h b/src/types.h index b07e6954..22bc3bf5 100644 --- a/src/types.h +++ b/src/types.h @@ -186,8 +186,8 @@ struct object_kind u32b oflags4; /* Obvious Flags, set 4 */ u32b oflags5; /* Obvious Flags, set 5 */ - byte locale[4]; /* Allocation level(s) */ - byte chance[4]; /* Allocation chance(s) */ + byte locale[ALLOCATION_MAX]; /* Allocation level(s) */ + byte chance[ALLOCATION_MAX]; /* Allocation chance(s) */ byte level; /* Level */ byte extra; /* Something */ 
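Review bot: In the second init1.cc hunk, `chance` is parsed as an `int` and only checked for `> 0` before it is stored in `k_ptr->chance[i]`, which the types.h hunk declares as `byte`. A value above the element's range is narrowed silently, and, assuming `byte` is an 8-bit unsigned type, a multiple of 256 becomes 0, which the `if (k_ptr->chance[j])` test in init_alloc treats as no entry. Bounding the store, e.g. `if (chance > 0 && chance <= 255) {`, or returning a parse error for out-of-range values would keep the table consistent with the data file. `atoi` also reports nothing on malformed or out-of-range text, whereas `strtol` with an end-pointer check would. The enclosing loop starts and ends outside this hunk and the `locale[i]` assignment is not visible, so whether it needs the same range check should be confirmed.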
diff --git a/src/variable.cc b/src/variable.cc index 89df6cc5..6dd98919 100644 --- a/src/variable.cc +++ b/src/variable.cc @@ -597,7 +597,7 @@ u16b max_real_towns; town_type *town_info; /* - * The size of "alloc_kind_table" (at most max_k_idx * 4) + * The size of "alloc_kind_table" (at most max_k_idx * ALLOCATIONS_MAX) */ s16b alloc_kind_size; |
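Review bot: The updated comment names `ALLOCATIONS_MAX`, but the macro this commit adds in defines.h is `ALLOCATION_MAX`; the line should read `* The size of "alloc_kind_table" (at most max_k_idx * ALLOCATION_MAX)`. The per-kind bound has also doubled from 4 to 8 while `alloc_kind_size` is declared `s16b`, so it is worth confirming that `max_k_idx * ALLOCATION_MAX` stays within that type's range. The code in init_alloc that computes the size is outside the visible hunks, so a range check there is a suggestion to verify rather than a confirmed gap.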