files could clobber the game when reading confirmation fails
fgets() fails on read error or EOF. When it fails, it doesn't touch the buffer. Since files didn't check its return value, it read an uninitialized character from the buffer. If that happened to be 'y' or 'Y', it happily clobbered the game.
This commit is contained in:
parent
f9d6149db3
commit
2b4e97730d
1 changed files with 1 additions and 2 deletions
|
|
@ -130,8 +130,7 @@ main(int argc, char *argv[])
|
|||
printf("WARNING: this blasts the existing game in %s (if any)\n",
|
||||
gamedir);
|
||||
printf("continue? ");
|
||||
fgets(buf, sizeof(buf), stdin);
|
||||
if (*buf != 'y' && *buf != 'Y')
|
||||
if (!fgets(buf, sizeof(buf), stdin) || (*buf != 'y' && *buf != 'Y'))
|
||||
exit(1);
|
||||
}
|
||||
for (i = 0; i < EF_MAX; i++) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue