From c63ec06d158844e8e7b50634b18ab41037acc1c2 Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Mon, 7 Sep 2009 15:18:17 -0400
Subject: [PATCH] Fix use of invalid pointer when depleting resource "none"

prod() and produce() dereferenced resource uninitialized for products depleting resource "none" (p_nrdep != 0 && p_nrndx == 0). The latter even wrote to it. Depleting "none" makes no sense, and the depletion is now ignored. Before, it could conceivably crash the server or corrupt the game.
---
 src/lib/commands/prod.c | 11 +++++++----
 src/lib/update/produce.c | 13 ++++++++-----
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/lib/commands/prod.c b/src/lib/commands/prod.c
index 80f281b20..2b2b65196 100644
--- a/src/lib/commands/prod.c
+++ b/src/lib/commands/prod.c
@@ -211,14 +211,17 @@ prod(void)
 unit_work = 0;
 pp = &pchr[dchr[type].d_prd];
 vtype = pp->p_type;
+ if (pp->p_nrndx)
+ resource = (unsigned char *)§ + pp->p_nrndx;
+ else
+ resource = NULL;
 natp = getnatp(sect.sct_own);
 /*
 * sect p_e (inc improvements)
 */
- if (pp->p_nrndx != 0) {
+ if (resource) {
 unit_work++;
- resource = (unsigned char *)§ + pp->p_nrndx;
- p_e = (*resource * p_e) / 100.0;
+ p_e *= *resource / 100.0;
 }
 /*
 * production effic.
@@ -244,7 +247,7 @@ prod(void)
 * workforce?
 */
 max = (int)(work * p_e / (double)unit_work + 0.5);
- if (pp->p_nrdep != 0 && vtype != I_NONE) {
+ if (resource && pp->p_nrdep != 0 && vtype != I_NONE) {
 if (*resource * 100 < pp->p_nrdep * max)
 max = *resource * 100 / pp->p_nrdep;
 }
diff --git a/src/lib/update/produce.c b/src/lib/update/produce.c
index 8fbc569fa..230499552 100644
--- a/src/lib/update/produce.c
+++ b/src/lib/update/produce.c
@@ -66,6 +66,10 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
 return 0;
 product = &pchr[dchr[desig].d_prd];
 item = product->p_type;
+ if (product->p_nrndx)
+ resource = (unsigned char *)sp + product->p_nrndx;
+ else
+ resource = NULL;
 *amount = 0;
 *cost = 0;
 
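Review bot: The new assignment in prod() still trusts `pp->p_nrndx` as a byte offset into the sector record: any non-zero value is added to the sector's base address and later dereferenced, with no check that it lies inside the structure. The commit message shows that a product row can carry an inconsistent p_nrdep/p_nrndx pair, so if these rows come from editable configuration (not visible in this patch), an out-of-range offset would read, and in produce() write, outside the sector. Rejecting such rows where the table is loaded would be the cleaner fix; failing that, bound the offset here, e.g. `if (pp->p_nrndx > 0 && (size_t)pp->p_nrndx < sizeof(sect))`. The same applies to the matching assignment added at the top of produce(), where the bound would be `sizeof(*sp)`. prod()'s body starts and ends outside the hunk.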
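Review bot: The added `resource &&` test before the depletion limit on `max` has no comment saying why a non-zero `p_nrdep` is skipped, and a reader who has not seen the commit message may take it for a redundant null check. A one-line comment above the `if` would record the intent, for example `/* p_nrdep without p_nrndx would deplete resource "none"; ignore it */`. The same guard is added without comment in produce() (hunks at -90 and -140). Silently ignoring the row also hides the inconsistency from whoever maintains the product table, so a diagnostic when the table is read may be worth adding; that code is outside this patch.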
@@ -75,10 +79,9 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
 * calculate production efficiency.
 */
 p_e = neweff / 100.0;
- if (product->p_nrndx != 0) {
+ if (resource) {
 unit_work++;
- resource = (unsigned char *)sp + product->p_nrndx;
- p_e = (*resource * p_e) / 100.0;
+ p_e *= *resource / 100.0;
 }
 /*
 * determine number that can be made with
@@ -90,7 +93,7 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
 worker_limit = roundavg(work * p_e / unit_work);
 if (material_consume > worker_limit)
 material_consume = worker_limit;
- if (product->p_nrdep != 0) {
+ if (resource && product->p_nrdep != 0) {
 if (*resource * 100 < product->p_nrdep * material_consume)
 material_consume = *resource * 100 / product->p_nrdep;
 }
@@ -140,7 +143,7 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
 */
 if (!player->simulation) {
 materials_charge(product, vec, material_consume);
- if (product->p_nrdep != 0) {
+ if (resource && product->p_nrdep != 0) {
 /*
 * lower natural resource in sector depending on
 * amount produced
-- 
2.43.0
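Review bot: Replacing `p_e = (*resource * p_e) / 100.0;` with `p_e *= *resource / 100.0;` is not needed for the pointer fix and changes the order of the floating-point operations, so the result can differ in the last bit. `p_e` feeds `roundavg(work * p_e / unit_work)` further down (and the `(int)(... + 0.5)` rounding in prod()), so a value sitting on a rounding boundary could in principle come out one unit different than before. Keeping the original expression inside the new `if (resource)` block, or moving the rewrite to its own commit, would keep this fix behaviour-neutral for valid products. The same rewrite appears in the first prod.c hunk.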
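Review bot: Each use of `resource` in produce() now depends on repeating the `resource && product->p_nrdep != 0` test, here and again at the depletion write in the hunk at -140, so a later dereference added without it would bring the null-pointer case back. Folding the rule into one value next to the new assignment, e.g. `nrdep = resource ? product->p_nrdep : 0;` (`nrdep` being a new local), and testing `nrdep` at both sites would keep the "none" case in one place. prod() has a single such site, so it matters less there. The function body extends beyond this hunk.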