files could clobber the game when reading confirmation fails

fgets() fails on read error or EOF.  When it fails, it doesn't touch
the buffer.  Since files didn't check its return value, it read an
uninitialized character from the buffer.  If that happened to be 'y'
or 'Y', it happily clobbered the game.

diff --git a/src/util/files.c b/src/util/files.c
index 71233c685f6a39649cacf3026620a71f00cd58c9..98c9bdc416db6369715499a341d2e8f68b012c01 100644 (file)
--- a/src/util/files.c
+++ b/src/util/files.c
@@ -130,8 +130,7 @@ main(int argc, char *argv[])
        printf("WARNING: this blasts the existing game in %s (if any)\n",
               gamedir);
        printf("continue? ");
-       fgets(buf, sizeof(buf), stdin);
-       if (*buf != 'y' && *buf != 'Y')
+       if (!fgets(buf, sizeof(buf), stdin) || (*buf != 'y' && *buf != 'Y'))
            exit(1);
     }
     for (i = 0; i < EF_MAX; i++) {