Fix seqno mismatch and use-after-free in shp_sweep()

The code wrote the swept sector after calling shp_check_one_mines().
This failed to use up the mine that hit the minesweeper, and triggered
a seqno mismatch oops.

The code wrote the minesweeper after calling shp_check_one_mines().
This used freed memory when the minesweeper got sunk there.

Broken in 4.0.17.  Fix by moving both calls before
shp_check_one_mines().

diff --git a/src/lib/subs/shpsub.c b/src/lib/subs/shpsub.c
index 0240bec7b9d7d6a833a91495b0f1c8000b50ae9c..4bb1064f09c1503733dcf3b3ac0f24b1d2bd7d6e 100644 (file)
--- a/src/lib/subs/shpsub.c
+++ b/src/lib/subs/shpsub.c
@@ -215,13 +215,13 @@ shp_sweep(struct emp_qelem *ship_list, int verbose, int takemob, natid actor)
        }
        sect.sct_mines = mines;
        mlp->unit.ship.shp_item[I_SHELL] = shells;
+       putship(mlp->unit.ship.shp_uid, &mlp->unit.ship);
+       putsect(&sect);
        if (shp_check_one_mines(mlp)) {
            stopping = 1;
            emp_remque(qp);
            free(qp);
        }
-       putship(mlp->unit.ship.shp_uid, &mlp->unit.ship);
-       putsect(&sect);
     }
     if (changed)
        writemap(actor);