empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix an out-of-bounds subscript in fairland

Browse source 
elevate_land() tests for capital sector in three places.  The third
one is broken: half of the test is done even for islands, subscripting
capx[] and possibly capy[] out of bounds.  This could screw up
elevation (unlikely) or crash (even less likely).  Diagnosed with
valgrind.

Broken since the test was added in Chainsaw 3.12.  Parenthesis were
added blindly 4.0.11 to shut up the compiler.  Reindentation (commit
9b7adfbe and ef383c06, v4.2.13) made the bug stand out more, but it
still managed to hide in the general ugliness of fairland's code.
This commit is contained in:
Markus Armbruster 2012-05-05 13:46:15 +02:00
parent b4b38bf859
commit 3464a4a9d0
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/util/fairland.c
View file

@ -953,10 +953,10 @@ elevate_land(void)
else else
ELEV = HIGHMIN + rnd((256 - HIGHMIN) / 2) + ELEV = HIGHMIN + rnd((256 - HIGHMIN) / 2) +
rnd((256 - HIGHMIN) / 2); rnd((256 - HIGHMIN) / 2);
} else if ((c < nc && } else if (c < nc &&
((capx[c] == sectx[c][i] && capy[c] == secty[c][i]))) || (((capx[c] == sectx[c][i] && capy[c] == secty[c][i])) ||
((new_x(capx[c] + 2) == sectx[c][i] && ((new_x(capx[c] + 2) == sectx[c][i] &&
capy[c] == secty[c][i]))) capy[c] == secty[c][i]))))
ELEV = PLATMIN; ELEV = PLATMIN;
} }
} }