Fix misuse of ef_cadef(EF_BAD)

ef_elt_by_name(), xdprval_sym() and symval() checked whether a file
type T is a symbol table by comparing ef_cadef(T) to symbol_ca, even
though T may be EF_BAD.  Before commit 50cfdcb5, ef_cadef(EF_BAD)
accessed empfile[] out of bounds, which could conceivably crash or
somehow happen to yield symbol_ca.  Since then, it oopses and returns
null.

Fix by testing the file type before calling ef_cadef().

diff --git a/src/lib/common/type.c b/src/lib/common/type.c
index 00c5442471658ee3efd08d4d4650a8cec8a63a37..457f14f241c92d4d51cbdbd2e5849e40225e9d38 100644 (file)
--- a/src/lib/common/type.c
+++ b/src/lib/common/type.c
@@ -63,6 +63,7 @@ sct_typematch(char *name)
 
 /*
  * Search table TYPE for an element matching NAME, return its index.
+ * Accepts EF_BAD, but of course never finds anything then.
  * Return M_NOTFOUND if there are no matches, M_NOTUNIQUE if there are
  * several.
  */
@@ -70,6 +71,8 @@ int
 ef_elt_byname(int type, char *name)
 {
     switch (type) {
+    case EF_BAD:
+       return M_NOTFOUND;
     case EF_NATION:
        return cnumb(name);
     case EF_SECTOR_CHR:

diff --git a/src/lib/common/xdump.c b/src/lib/common/xdump.c
index c8d86f3eac82f6029725debf63849bc7a2998564..f51c620b7de23cd3e187e249807b57f8c0509d3d 100644 (file)
--- a/src/lib/common/xdump.c
+++ b/src/lib/common/xdump.c
@@ -197,10 +197,10 @@ xdprsym(struct xdstr *xd, int key, int type, char *sep)
  * CA describes the field from which the value was fetched.
  */
 static char *
-xdprval_sym(struct xdstr *xd, struct valstr *val, struct castr *ca, char *sep)
+xdprval_sym(struct xdstr *xd, struct valstr *val, struct castr *ca,
+           char *sep)
 {
     unsigned long bit;
-    struct castr *ca_sym = ef_cadef(ca->ca_table);
 
     if (CANT_HAPPEN(val->val_cat != NSC_VAL)) {
        xd->pr("%snil", sep);
@@ -208,7 +208,7 @@ xdprval_sym(struct xdstr *xd, struct valstr *val, struct castr *ca, char *sep)
     }
 
     if (!xd->human || val->val_type != NSC_LONG
-       || ca->ca_table == EF_BAD || ca_sym != symbol_ca)
+       || ca->ca_table == EF_BAD || ef_cadef(ca->ca_table) != symbol_ca)
        return xdprval_nosym(xd, val, sep);
 
     if (ca->ca_flags & NSC_BITS) {

diff --git a/src/lib/common/xundump.c b/src/lib/common/xundump.c
index 0a811974d843ee830b5606181fbb67d5c8059312..9b389260c5a57170e2e50b10a9daeaa13fad71af 100644 (file)
--- a/src/lib/common/xundump.c
+++ b/src/lib/common/xundump.c
@@ -671,7 +671,7 @@ symval(struct castr *ca, int i)
 {
     int type = ca->ca_table;
 
-    if (ef_cadef(type) == symbol_ca)
+    if (type != EF_BAD && ef_cadef(type) == symbol_ca)
        /* symbol table, value is in the table */
        return ((struct symbol *)ef_ptr(type, i))->value;
     /* value is the table index */