From 5490782db384135003ebf90d0f70fcefac49ea7b Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Mon, 25 Feb 2008 20:57:33 +0100
Subject: [PATCH] Check ef_type before dereferencing struct empobj

Such manual checking is error prone, but the best we can do right now.
---
 src/lib/commands/look.c | 3 +++
 src/lib/commands/rada.c | 3 +++
 src/lib/subs/maps.c | 4 ++++
 src/lib/subs/mission.c | 5 +++++
 src/lib/subs/nxtitem.c | 11 +++++++++--
 src/lib/subs/unitsub.c | 24 +++++++++++++++++++-----
 src/lib/update/nxtitemp.c | 11 +++++++++--
 7 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/src/lib/commands/look.c b/src/lib/commands/look.c
index b702ca51..51e76a2c 100644
--- a/src/lib/commands/look.c
+++ b/src/lib/commands/look.c
@@ -67,6 +67,9 @@ do_look(short type)
     unsigned char *bitmap;
     int changed = 0;
 
+    if (CANT_HAPPEN(type != EF_LAND && type != EF_SHIP))
+        type = EF_SHIP;
+
     if (!snxtitem(&ni, type, player->argp[1]))
         return RET_SYN;
     if ((bitmap = malloc((WORLD_X * WORLD_Y) / 8)) == 0) {
diff --git a/src/lib/commands/rada.c b/src/lib/commands/rada.c
index 8ce640d7..0265d9e0 100644
--- a/src/lib/commands/rada.c
+++ b/src/lib/commands/rada.c
@@ -61,6 +61,9 @@ radar(short type)
     char buf[1024];
     char prompt[80];
 
+    if (CANT_HAPPEN(type != EF_LAND && type != EF_SHIP))
+        type = EF_SHIP;
+
     sprintf(prompt, "Radar from (%s # or sector(s)) : ",
             ef_nameof(type));
     cp = getstarg(player->argp[1], prompt, buf);
diff --git a/src/lib/subs/maps.c b/src/lib/subs/maps.c
index 6b2c6e36..ca9eaa0b 100644
--- a/src/lib/subs/maps.c
+++ b/src/lib/subs/maps.c
@@ -349,6 +349,10 @@ unit_map(int unit_type, int uid, struct nstr_sect *nsp, char *originp)
     struct range range;
     char *name;
 
+    if (CANT_HAPPEN((ef_flags(unit_type) & (EFF_OWNER | EFF_XY))
+                    != (EFF_OWNER | EFF_XY)))
+        return RET_FAIL;
+
     if (!get_empobj(unit_type, uid, &unit))
         return RET_FAIL;
     if (!player->owner || unit.gen.own == 0)
diff --git a/src/lib/subs/mission.c b/src/lib/subs/mission.c
index baf97bac..0430f192 100644
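Review bot: The recovery after the new check in do_look() silently reruns the command as a ship look instead of failing it: `type = EF_SHIP;` hides the caller's bug behind plausible output, although do_look() already has a status return (`return RET_SYN;` two lines below). `return RET_FAIL;` in place of the assignment would stop the command while keeping the logged oops; radar() in src/lib/commands/rada.c has the identical fallback and the same remark applies there. If the coercion is deliberate, a one-line comment such as `/* oops already logged; carry on as a ship look */` would keep a reader from mistaking it for a default.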
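Review bot: The new precondition in unit_map() is not tied to the fields it protects, so a reader sees a flag test with no stated purpose; the `unit.gen.own` read two lines below is why EFF_OWNER is required, and the EFF_XY half presumably covers coordinate reads further down, outside the hunk. A comment above the check, `/* unit.gen.own and unit.gen.x/y below need EFF_OWNER | EFF_XY */`, would record that. unit_map() continues past the hunk.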
--- a/src/lib/subs/mission.c
+++ b/src/lib/subs/mission.c
@@ -622,6 +622,9 @@ perform_mission(coord x, coord y, natid victim, struct emp_qelem *list,
                 else
                     emp_insque(&plp->queue, &bombers);
                 plane_owner = plp->plane.pln_own;
+            } else {
+                CANT_REACH();
+                break;
             }
         }
         if (!QEMPTY(&missiles)) {
@@ -1327,6 +1330,8 @@ air_defense(coord x, coord y, natid victim, struct emp_qelem *bomb_list,
         next = qp->q_forw;
         glp = (struct genlist *)qp;
         gp = glp->thing;
+        if (CANT_HAPPEN(gp->ef_type != EF_PLANE))
+            break;
 
         dist = mapdist(x, y, gp->x, gp->y);
 
diff --git a/src/lib/subs/nxtitem.c b/src/lib/subs/nxtitem.c
index d8f10a71..01af5b13 100644
--- a/src/lib/subs/nxtitem.c
+++ b/src/lib/subs/nxtitem.c
@@ -72,26 +72,33 @@ nxtitem(struct nstr_item *np, void *ptr)
         case NS_ALL:
             break;
         case NS_DIST:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_XY)))
+                return 0;
             if (!xyinrange(gp->x, gp->y, &np->range)) {
                 selected = 0;
                 break;
             }
-            np->curdist = mapdist((int)gp->x, (int)gp->y,
-                                  (int)np->cx, (int)np->cy);
+            np->curdist = mapdist(gp->x, gp->y, np->cx, np->cy);
             if (np->curdist > np->dist)
                 selected = 0;
             break;
         case NS_AREA:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_XY)))
+                return 0;
             if (!xyinrange(gp->x, gp->y, &np->range))
                 selected = 0;
             if (gp->x == np->range.hx || gp->y == np->range.hy)
                 selected = 0;
             break;
         case NS_XY:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_XY)))
+                return 0;
             if (xnorm(gp->x) != np->cx || ynorm(gp->y) != np->cy)
                 selected = 0;
             break;
         case NS_GROUP:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_GROUP)))
+                return 0;
             if (np->group != gp->group)
                 selected = 0;
             break;
diff --git a/src/lib/subs/unitsub.c b/src/lib/subs/unitsub.c
index cc895d89..9b5aacde 100644
--- a/src/lib/subs/unitsub.c
+++ b/src/lib/subs/unitsub.c
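Review bot: The new `else` arm in perform_mission() leaves the enclosing loop with `break` after the oops, so list entries after the malformed one are never queued, while the ones already moved into `missiles`/`bombers` go on to be processed as a partial mission; the loop header is outside the hunk, so I cannot tell whether those queued entries are released after the break. A comment such as `/* corrupt list: abandon the rest of this mission */` would make the choice explicit, and the same applies to the `break` added to air_defense() in the second hunk of this file. If skipping just the bad entry is acceptable there, `continue` would be the less destructive recovery.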
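Review bot: The four `ef_flags(np->type)` checks added to the selection switch in nxtitem() run once per candidate item even though `np->type` is fixed for the lifetime of the iterator, and a failed check ends the caller's loop as if the selection were simply empty. Checking the flags once where `np->type` and the selector are assigned (or once before this loop, which starts outside the hunk) would report the mistake a single time; if the per-item form stays, a comment on the first `return 0;` such as `/* ends the iteration; the caller just sees no more items */` would explain why 0 is the right value. The same four checks appear verbatim in nxtitemp() in src/lib/update/nxtitemp.c.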
@@ -45,16 +45,20 @@ unit_list(struct emp_qelem *unit_list)
     struct emp_qelem *qp;
     struct emp_qelem *next;
     struct ulist *ulp;
+    int type;
     struct empobj *unit;
     struct lndstr *lnd;
     struct shpstr *shp;
 
-    CANT_HAPPEN(QEMPTY(unit_list));
-
+    if (CANT_HAPPEN(QEMPTY(unit_list)))
+        return;
     qp = unit_list->q_back;
     ulp = (struct ulist *)qp;
+    type = ulp->unit.ef_type;
+    if (CANT_HAPPEN(type != EF_LAND && type != EF_SHIP))
+        return;
 
-    if (ulp->unit.ef_type == EF_LAND)
+    if (type == EF_LAND)
         pr("lnd# land type x,y a eff sh gun xl mu tech retr fuel\n");
     else
         pr("shp# ship type x,y fl eff mil sh gun pn he xl ln mob tech\n");
@@ -65,12 +69,14 @@ unit_list(struct emp_qelem *unit_list)
         lnd = &ulp->unit.land;
         shp = &ulp->unit.ship;
         unit = &ulp->unit.gen;
+        if (CANT_HAPPEN(type != unit->ef_type))
+            continue;
         pr("%4d ", unit->uid);
         pr("%-16.16s ", emp_obj_chr_name(unit));
         prxy("%4d,%-4d ", unit->x, unit->y, unit->own);
         pr("%1.1s", &unit->group);
         pr("%4d%%", unit->effic);
-        if (unit->ef_type == EF_LAND) {
+        if (type == EF_LAND) {
             pr("%4d", lnd->lnd_item[I_SHELL]);
             pr("%4d", lnd->lnd_item[I_GUN]);
             count_land_planes(lnd);
@@ -88,7 +94,7 @@ unit_list(struct emp_qelem *unit_list)
         }
         pr("%4d", unit->mobil);
         pr("%4d", unit->tech);
-        if (unit->ef_type == EF_LAND) {
+        if (type == EF_LAND) {
             pr("%4d%%", lnd->lnd_retreat);
             pr("%5d", lnd->lnd_fuel);
         }
@@ -108,6 +114,9 @@ unit_put(struct emp_qelem *list, natid actor)
     while (qp != list) {
         ulp = (struct ulist *)qp;
         unit = &ulp->unit.gen;
+        if (CANT_HAPPEN(unit->ef_type != EF_LAND
+                        && unit->ef_type != EF_SHIP))
+            continue;
         if (actor) {
             mpr(actor, "%s stopped at %s\n", obj_nameof(unit),
                 xyas(unit->x, unit->y, unit->own));
@@ -137,6 +146,9 @@ unit_path(int together, struct empobj *unit, char *buf)
     double dummy;
     int mtype;
 
+    if (CANT_HAPPEN(unit->ef_type != EF_LAND && unit->ef_type != EF_SHIP))
+        return NULL;
+
     if (!sarg_xy(buf, &destx, &desty))
         return 0;
     if (!together) {
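Review bot: The `continue` added to unit_put() sits in a `while (qp != list)` loop whose advance of `qp` is not inside the hunk; if, as the shape suggests, the next element is taken and the current one unlinked at the bottom of the body, `continue` skips both and the loop spins on the bad element forever without freeing it. Using `break` here, as the mission.c hunks do, avoids that; if skipping is wanted, the element must still be unlinked and `qp` advanced before continuing. The `continue` added to unit_list() in the second hunk raises the same question, since its loop header is also outside that hunk.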
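Review bot: The guard added to unit_path() returns `NULL` while the existing guard three lines below returns `0` for the same pointer result, so adjacent lines spell the same value two ways. Pick one form for both: either write `return 0;` here to match the file's current style, or keep `return NULL;` and change the existing `return 0;` to `return NULL;` in the same commit. unit_path() continues beyond the hunk.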
@@ -182,6 +194,8 @@ unit_view(struct emp_qelem *list)
     for (qp = list->q_back; qp != list; qp = next) {
         next = qp->q_back;
         ulp = (struct ulist *)qp;
+        if (CANT_HAPPEN(!(ef_flags(ulp->unit.ef_type) & EFF_XY)))
+            continue;
         getsect(ulp->unit.gen.x, ulp->unit.gen.y, §);
         if (ulp->unit.ef_type == EF_SHIP) {
             if (((struct mchrstr *)ulp->chrp)->m_flags & M_FOOD)
diff --git a/src/lib/update/nxtitemp.c b/src/lib/update/nxtitemp.c
index 21578bca..eaba139e 100644
--- a/src/lib/update/nxtitemp.c
+++ b/src/lib/update/nxtitemp.c
@@ -67,26 +67,33 @@ nxtitemp(struct nstr_item *np)
         case NS_ALL:
             break;
         case NS_DIST:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_XY)))
+                return 0;
             if (!xyinrange(gp->x, gp->y, &np->range)) {
                 selected = 0;
                 break;
             }
-            np->curdist = mapdist((int)gp->x, (int)gp->y,
-                                  (int)np->cx, (int)np->cy);
+            np->curdist = mapdist(gp->x, gp->y, np->cx, np->cy);
             if (np->curdist > np->dist)
                 selected = 0;
             break;
         case NS_AREA:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_XY)))
+                return 0;
             if (!xyinrange(gp->x, gp->y, &np->range))
                 selected = 0;
             if (gp->x == np->range.hx || gp->y == np->range.hy)
                 selected = 0;
             break;
         case NS_XY:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_XY)))
+                return 0;
             if (xnorm(gp->x) != np->cx || ynorm(gp->y) != np->cy)
                 selected = 0;
             break;
         case NS_GROUP:
+            if (CANT_HAPPEN(!(ef_flags(np->type) & EFF_GROUP)))
+                return 0;
             if (np->group != gp->group)
                 selected = 0;
             break;