From 68dc9b2936b9f8c6ee8fbf5555977986227225bd Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Mon, 5 Mar 2012 12:57:33 +0100
Subject: [PATCH] Fix uninitialized variable use in defending land unit retreat

lnd_take_casualty() uses uninitialized rsect to compute the mobility cost of retreating a defending land unit. This can charge incorrect mobility, prevent retreat, or, if the stars align just right, crash the server when sector_mcost() subscripts dchr[] with it. Broken in commit 4e7c993a, v4.3.6. Reported by Scott C. Zielinski.
---
 src/lib/subs/lndsub.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/lib/subs/lndsub.c b/src/lib/subs/lndsub.c
index 30630a708..9a414b90b 100644
--- a/src/lib/subs/lndsub.c
+++ b/src/lib/subs/lndsub.c
@@ -169,7 +169,6 @@ lnd_take_casualty(int combat_mode, struct ulist *llp, int cas)
 char buf[1024];
 int taken;
 int nowhere_to_go = 0;
- struct sctstr rsect;
 double mobcost, bmcost;
 signed char orig;
 int mob;
@@ -237,7 +236,7 @@ lnd_take_casualty(int combat_mode, struct ulist *llp, int cas)
 continue;
 if (sect.sct_type == SCT_MOUNT)
 continue;
- mobcost = lnd_mobcost(&llp->unit.land, &rsect);
+ mobcost = lnd_mobcost(&llp->unit.land, §);
 if (mobcost < 0)
 continue;
 ++nowned;
@@ -256,7 +255,6 @@ lnd_take_casualty(int combat_mode, struct ulist *llp, int cas)
 llp->unit.land.lnd_x = bx;
 llp->unit.land.lnd_y = by;
 /* FIXME landmines */
- getsect(bx, by, &rsect);
 mob = llp->unit.land.lnd_mobil - (int)bmcost;
 if (mob < -127)
 mob = -127;
-- 
2.43.0
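Review bot: The corrected lnd_mobcost() call in the second hunk depends on `sect` already holding the candidate retreat sector for the current iteration, but whatever fills it lies outside the hunk, so nothing at the call site documents that dependency. The `sect.sct_type == SCT_MOUNT` test just above suggests it is loaded earlier in the loop; a short comment such as `/* sect is the candidate sector loaded above, not the unit's current sector */` would help keep a later refactor from passing a stale or unset struct again. The added line renders as `§)` on this page, which is presumably `&sect)` mangled by HTML entity decoding, so the argument has to be restored by hand if the patch is applied from this text. Since the commit message says sector_mcost() subscripts dchr[] with the sector type, a range check on that index inside sector_mcost() would be a sensible follow-up, so that a bad struct is rejected instead of causing an out-of-bounds read that can take the server down; that function is not part of this diff. lnd_take_casualty() begins and ends outside all three hunks.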