From 3464a4a9d000923815c752ea3a2ab5c7dd702dee Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Sat, 5 May 2012 13:46:15 +0200
Subject: [PATCH] Fix an out-of-bounds subscript in fairland elevate_land() tests for capital sector in three places. The third one is broken: half of the test is done even for islands, subscripting capx[] and possibly capy[] out of bounds. This could screw up elevation (unlikely) or crash (even less likely). Diagnosed with valgrind. Broken since the test was added in Chainsaw 3.12. Parenthesis were added blindly 4.0.11 to shut up the compiler. Reindentation (commit 9b7adfbe and ef383c06, v4.2.13) made the bug stand out more, but it still managed to hide in the general ugliness of fairland's code.
---
 src/util/fairland.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/util/fairland.c b/src/util/fairland.c
index 618cf7b2..3b13d0dc 100644
--- a/src/util/fairland.c
+++ b/src/util/fairland.c
@@ -953,10 +953,10 @@ elevate_land(void)
 else ELEV = HIGHMIN + rnd((256 - HIGHMIN) / 2) + rnd((256 - HIGHMIN) / 2);
- } else if ((c < nc &&
- ((capx[c] == sectx[c][i] && capy[c] == secty[c][i]))) ||
- ((new_x(capx[c] + 2) == sectx[c][i] &&
- capy[c] == secty[c][i])))
+ } else if (c < nc &&
+ (((capx[c] == sectx[c][i] && capy[c] == secty[c][i])) ||
+ ((new_x(capx[c] + 2) == sectx[c][i] &&
+ capy[c] == secty[c][i]))))
 ELEV = PLATMIN;
 }
 }
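Review bot: The doubled parentheses that hid the original grouping error are still in the new `else if` condition, and nothing at this site says that the `c < nc` short-circuit is what keeps `capx[c]` and `capy[c]` in bounds. Since both alternatives require `capy[c] == secty[c][i]`, the condition could read `} else if (c < nc && capy[c] == secty[c][i] && (capx[c] == sectx[c][i] || new_x(capx[c] + 2) == sectx[c][i]))`, which should be equivalent provided new_x() has no side effects (its definition is not visible here). I would also put a comment above it such as `/* capx[], capy[] are only valid for c < nc; larger c is an island */`, with the wording checked against the array declarations, which are outside the hunk. The commit message says elevate_land() makes this capital-sector test in three places, so a small static helper taking c and i would keep the bounds guard in one spot; the other two sites are not shown, so this is a suggestion to verify rather than a finding. The body of elevate_land() starts before this hunk.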