From a4e519c377523415a8997bbd017c788e654f2976 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Mon, 22 Dec 2014 15:29:17 +0100 Subject: [PATCH] navigate: Fix buffer overrun for impossibly long paths taken When a player moves more than 1023 sectors in a single navigate command, we overrun the buffer holding the path taken. Remote hole, but it requires a ship that can go that far, and even a ship with speed 1000 would need a tech level well in excess of 1000 for that. Thus, the hole is purely theoretical for even remotely sane game configurations. First known version with the flaw is 4.0.0. Fix by going back the older behavior: don't print the total path taken, but do print what the path finder does. Context diff of an example: [0:634] Command : nav 3 6,0 Flagship is od oil derrick (#3) +Using path 'n' h = k . . j d <67.2:67.2: 6,0> h od oil derrick (#3) stopped at 6,0 -Path taken: n This is how march works. Removes the only use of shp_nav_one_sector()'s unusual return value 2. Return 1 instead. Signed-off-by: Markus Armbruster --- src/lib/commands/navi.c | 25 +++---------------------- src/lib/subs/shpsub.c | 2 +- src/lib/subs/unitsub.c | 3 +-- tests/fire/journal.log | 5 ----- tests/navi-march/journal.log | 25 +++---------------------- tests/retreat/journal.log | 3 --- tests/smoke/journal.log | 6 +----- 7 files changed, 9 insertions(+), 60 deletions(-) diff --git a/src/lib/commands/navi.c b/src/lib/commands/navi.c index 848e517b..0870b373 100644 --- a/src/lib/commands/navi.c +++ b/src/lib/commands/navi.c @@ -29,7 +29,7 @@ * Known contributors to this file: * Ken Stevens, 1995 (rewritten) * Ron Koenderink, 2006-2007 - * Markus Armbruster, 2006-2011 + * Markus Armbruster, 2006-2014 */ #include @@ -76,8 +76,6 @@ do_unit_move(struct emp_qelem *ulist, int *together, int skip = 0; char buf[1024]; char prompt[128]; - char pathtaken[1024]; /* Doubtful we'll have a path longer than this */ - char *pt = pathtaken; char bmap_flag; int ac; int type; 
@@ -94,7 +92,6 @@ do_unit_move(struct emp_qelem *ulist, int *together, cp = unit_path(*together, leader, buf, sizeof(buf)); } - *pt = '\0'; while (!QEMPTY(ulist)) { char dp[80]; @@ -106,10 +103,6 @@ do_unit_move(struct emp_qelem *ulist, int *together, lnd_mar(ulist, minmob, maxmob, together, player->cnum); if (QEMPTY(ulist)) { pr("No %s left\n", type == EF_SHIP ? "ships" : "lands"); - if (type == EF_SHIP && strlen(pathtaken) > 1) { - pathtaken[strlen(pathtaken) - 1] = '\0'; - pr("Path taken: %s\n", pathtaken); - } return RET_OK; } leader = get_leader(ulist); @@ -137,10 +130,6 @@ do_unit_move(struct emp_qelem *ulist, int *together, lnd_mar(ulist, minmob, maxmob, together, player->cnum); if (QEMPTY(ulist)) { pr("No %s left\n", type == EF_SHIP ? "ships" : "lands"); - if (type == EF_SHIP && strlen(pathtaken) > 1) { - pathtaken[strlen(pathtaken) - 1] = '\0'; - pr("Path taken: %s\n", pathtaken); - } return RET_OK; } leader = get_leader(ulist); @@ -161,14 +150,10 @@ do_unit_move(struct emp_qelem *ulist, int *together, cp = &dirch[DIR_STOP]; dir = chkdir(*cp, DIR_STOP, DIR_LAST); if (dir >= 0) { - if (type == EF_SHIP) { + if (type == EF_SHIP) stopping |= shp_nav_one_sector(ulist, dir, player->cnum, *together); - if (stopping != 2) { - *pt++ = dirch[dir]; - *pt = '\0'; - } - } else + else stopping |= lnd_mar_one_sector(ulist, dir, player->cnum, *together); @@ -262,10 +247,6 @@ do_unit_move(struct emp_qelem *ulist, int *together, pr("`d' to drop mines, and `m' to minesweep\n"); stopping = 1; } - if (type == EF_SHIP && strlen(pathtaken) > 1) { - pathtaken[strlen(pathtaken) - 1] = '\0'; - pr("Path taken: %s\n", pathtaken); - } return RET_OK; } diff --git a/src/lib/subs/shpsub.c b/src/lib/subs/shpsub.c index 272f5127..e090034e 100644 --- a/src/lib/subs/shpsub.c +++ b/src/lib/subs/shpsub.c 
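Review bot: In the navi.c hunk at `@@ -161,14 +150,10 @@`, the `if (type == EF_SHIP)` / `else` pair ends up with no braces although each branch is a call wrapped over two lines, so a statement added later can silently fall outside the branch it was meant for. Keeping `if (type == EF_SHIP) {` and `} else {` around the two `stopping |= ...` calls costs nothing and preserves the braces the old code had on the ship branch. do_unit_move() starts and ends outside this hunk, so the rest of the loop body is not reviewed here.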
@@ -806,7 +806,7 @@ shp_nav_one_sector(struct emp_qelem *list, int dir, natid actor, sprintf(dp, "can't go to %s", xyas(newx, newy, actor)); if (together) { mpr(actor, "%s\n", dp); - return 2; + return 1; } else { shp_stays(actor, dp, mlp); continue; diff --git a/src/lib/subs/unitsub.c b/src/lib/subs/unitsub.c index 7fecad51..e8f95ed3 100644 --- a/src/lib/subs/unitsub.c +++ b/src/lib/subs/unitsub.c @@ -173,8 +173,7 @@ unit_path(int together, struct empobj *unit, char *buf, size_t bufsz) xyas(destx, desty, player->cnum)); return NULL; } - if (unit->ef_type == EF_LAND) - pr("Using path '%s'\n", buf); + pr("Using path '%s'\n", buf); return buf; } diff --git a/tests/fire/journal.log b/tests/fire/journal.log index 48cab9d0..41182f4e 100644 --- a/tests/fire/journal.log +++ b/tests/fire/journal.log @@ -635,7 +635,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is bb battleship (#3) Play#1 output Play#1 1 bb battleship (#3) stopped at 5,1 - Play#1 output Play#1 1 Path taken: j Play#1 output Play#1 6 0 565 Play#1 input fire sh 3 0,2 Play#1 command fire @@ -648,7 +647,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is bb battleship (#3) Play#1 output Play#1 1 bb battleship (#3) stopped at 3,1 - Play#1 output Play#1 1 Path taken: g Play#1 output Play#1 6 0 563 Play#1 input load s 3 2 Play#1 command load @@ -659,7 +657,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is bb battleship (#3) Play#1 output Play#1 1 bb battleship (#3) stopped at 5,1 - Play#1 output Play#1 1 Path taken: j Play#1 output Play#1 6 0 561 Play#1 input fire sh 3 0,2 Play#1 command fire @@ -672,7 +669,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is bb battleship (#3) Play#1 output Play#1 1 bb battleship (#3) stopped at 3,1 - Play#1 output Play#1 1 Path taken: g Play#1 output Play#1 6 0 559 Play#1 input load s 3 169 Play#1 command load 
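Review bot: The context line `sprintf(dp, "can't go to %s", xyas(newx, newy, actor));` just above the changed `return` is an unbounded write, and a commit whose purpose is a buffer-overrun fix is a good place to close it. dp is declared outside this hunk; if it is a fixed-size array, `snprintf(dp, sizeof(dp), "can't go to %s", xyas(newx, newy, actor));` keeps the write bounded whatever xyas() returns. With `return 1` replacing `return 2`, any comment on shp_nav_one_sector() that still describes the special value 2 should be updated too; the function header is not visible here.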
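Review bot: Nothing in the unitsub.c hunk states what unit_path() does when the path it finds does not fit in `bufsz`, and after this commit `buf` is the one fixed-size path buffer left in do_unit_move(). The visible failure branch returns NULL after a message, but whether an over-long path takes that branch or is truncated is decided above the hunk. A comment before the now unconditional `pr()` such as `/* buf holds the complete path; a path that does not fit in bufsz was rejected above */` would record the invariant, provided the code above actually guarantees it.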
@@ -768,7 +764,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is dd destroyer (#5) Play#1 output Play#1 1 dd destroyer (#5) stopped at 10,0 - Play#1 output Play#1 1 Path taken: j Play#1 output Play#1 6 0 544 Play#1 input fire sh 5 24 Play#1 command fire diff --git a/tests/navi-march/journal.log b/tests/navi-march/journal.log index 9913927a..666d000a 100644 --- a/tests/navi-march/journal.log +++ b/tests/navi-march/journal.log @@ -73,13 +73,11 @@ Play#1 output Play#1 4 <127.0:127.0: 0,0> Play#1 input yh Play#1 output Play#1 1 pt patrol boat (#10) stopped at -1,-1 - Play#1 output Play#1 1 Path taken: y Play#1 output Play#1 6 0 637 Play#1 input navi 20 yh Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#20) Play#1 output Play#1 1 pt patrol boat (#20) stopped at 0,0 - Play#1 output Play#1 1 Path taken: y Play#1 output Play#1 6 0 636 Play#1 input navi 21 h Play#1 command navigate @@ -91,7 +89,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#22) Play#1 output Play#1 1 pt patrol boat (#22) stopped at 3,-1 - Play#1 output Play#1 1 Path taken: u Play#1 output Play#1 6 0 634 Play#1 input navi 23 h Play#1 command navigate @@ -104,7 +101,6 @@ Play#1 output Play#1 1 cs cargo ship (#26) is landlocked & stays in 2,2 Play#1 output Play#1 1 Flagship is pt patrol boat (#24) Play#1 output Play#1 1 pt patrol boat (#24) stopped at 1,1 - Play#1 output Play#1 1 Path taken: y Play#1 output Play#1 6 0 632 Play#1 input navi 25 h Play#1 command navigate @@ -133,7 +129,6 @@ Play#1 output Play#1 1 shp# ship type x,y fl eff mil sh gun pn he xl ln mob tech Play#1 output Play#1 1 30 pt patrol boat 11,-5 100% 2 0 0 0 0 0 0 117 40 Play#1 output Play#1 1 pt patrol boat (#30) stopped at 10,-6 - Play#1 output Play#1 1 Path taken: jy Play#1 output Play#1 6 0 629 Play#1 input navi 32/33/34/35/36/37/38/39 jiyh Play#1 command navigate 
@@ -169,13 +164,11 @@ Play#1 output Play#1 1 pt patrol boat (#37) stopped at 10,-6 Play#1 output Play#1 1 pt patrol boat (#38) stopped at 10,-6 Play#1 output Play#1 1 pt patrol boat (#39) stopped at 10,-6 - Play#1 output Play#1 1 Path taken: jy Play#1 output Play#1 6 0 628 Play#1 input navi 50 nh Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#50) Play#1 output Play#1 1 pt patrol boat (#50) stopped at 1,1 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 627 Play#1 input navi 51 bX Play#1 command navigate @@ -192,7 +185,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#52) Play#1 output Play#1 1 pt patrol boat (#52) stopped at 2,0 - Play#1 output Play#1 1 Path taken: g Play#1 output Play#1 6 0 625 Play#1 input navi 53 jX Play#1 command navigate @@ -219,7 +211,6 @@ Play#1 output Play#1 1 55 cs cargo ship 1,1 100% 5 0 0 0 0 0 0 127 20 Play#1 output Play#1 1 pt patrol boat (#54) stopped at 0,0 Play#1 output Play#1 1 cs cargo ship (#55) stopped at -1,-1 - Play#1 output Play#1 1 Path taken: yy Play#1 output Play#1 6 0 623 Play#1 input navi 57/56 n Play#1 command navigate @@ -235,7 +226,6 @@ Play#1 output Play#1 1 56 pt patrol boat 1,1 100% 2 0 0 0 0 0 0 127 40 Play#1 output Play#1 1 cs cargo ship (#57) stopped at -1,-1 Play#1 output Play#1 1 pt patrol boat (#56) stopped at -1,-1 - Play#1 output Play#1 1 Path taken: yy Play#1 output Play#1 6 0 622 Play#1 input navi 58/59 nX Play#1 command navigate @@ -275,13 +265,11 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#62) Play#1 output Play#1 1 pt patrol boat (#62) stopped at -13,1 - Play#1 output Play#1 1 Path taken: b Play#1 output Play#1 6 0 618 Play#1 input navi 63 bh Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#63) Play#1 output Play#1 1 pt patrol boat (#63) stopped at -5,1 - Play#1 output Play#1 1 Path taken: b Play#1 output Play#1 6 0 617 Play#1 input navi 64 bX Play#1 command navigate 
@@ -309,13 +297,11 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#70) Play#1 output Play#1 1 pt patrol boat (#70) stopped at -14,0 - Play#1 output Play#1 1 Path taken: g Play#1 output Play#1 6 0 614 Play#1 input navi 71 gh Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#71) Play#1 output Play#1 1 pt patrol boat (#71) stopped at -6,0 - Play#1 output Play#1 1 Path taken: g Play#1 output Play#1 6 0 613 Play#1 input navi 72 gX Play#1 command navigate @@ -347,16 +333,17 @@ Play#1 input h Play#1 output Play#1 1 cs cargo ship (#80) stopped at -4,-4 Play#1 output Play#1 1 cs cargo ship (#81) stopped at -4,-4 - Play#1 output Play#1 1 Path taken: yyyy Play#1 output Play#1 6 0 611 Play#1 input navi 90 -3,-3 Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#90) + Play#1 output Play#1 1 Using path 'yyy' Play#1 output Play#1 1 . . Play#1 output Play#1 1 . . . Play#1 output Play#1 1 . . Play#1 output Play#1 4 <99.4:99.4: -3,-3> Play#1 input 0,-4 + Play#1 output Play#1 1 Using path 'uj' Play#1 output Play#1 1 . . Play#1 output Play#1 1 . . . Play#1 output Play#1 1 . i @@ -364,7 +351,6 @@ Play#1 input 1,-1 Play#1 output Play#1 1 Can't get to '1,-1' right now. Play#1 output Play#1 1 pt patrol boat (#90) stopped at 0,-4 - Play#1 output Play#1 1 Path taken: yyyuj Play#1 output Play#1 6 0 610 Play#1 input navi 90 1,-1 Play#1 command navigate @@ -380,13 +366,13 @@ Play#1 input navi 91 -3,1 Play#1 command navigate Play#1 output Play#1 1 Flagship is pt patrol boat (#91) + Play#1 output Play#1 1 Using path 'gb' Play#1 output Play#1 1 . . Play#1 output Play#1 1 h h h Play#1 output Play#1 1 c c Play#1 output Play#1 4 <108.6:108.6: -3,1> Play#1 input h Play#1 output Play#1 1 pt patrol boat (#91) stopped at -3,1 - Play#1 output Play#1 1 Path taken: gb Play#1 output Play#1 6 0 608 Play#1 input navi 92 2,2 Play#1 command navigate 
@@ -544,7 +530,6 @@ Play#1 output Play#1 1 ft fishing trawler (#101) stopped at 3,-1 Play#1 output Play#1 1 dd destroyer (#100) stopped at 3,-1 Play#1 output Play#1 1 oe oil exploration boat (#102) stopped at 3,-1 - Play#1 output Play#1 1 Path taken: ygg Play#1 output Play#1 6 0 599 Play#1 input navi 110/111 d Play#1 command navigate @@ -561,7 +546,6 @@ Play#1 input h Play#1 output Play#1 1 ms minesweeper (#110) stopped at 10,-2 Play#1 output Play#1 1 ms minesweeper (#111) stopped at 10,-2 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 595 Play#1 input navi 0/1 mh Play#1 command navigate @@ -603,7 +587,6 @@ Play#1 output Play#1 1 ms minesweeper (#128) is out of mobility & stays in 11,-3 Play#1 output Play#1 1 ms minesweeper (#121) stopped at 13,-3 Play#1 output Play#1 1 ms minesweeper (#122) stopped at 13,-3 - Play#1 output Play#1 1 Path taken: jj Play#1 output Play#1 6 0 592 Play#1 input __cmd added -1 0 0 Play#1 command __cmd @@ -618,7 +601,6 @@ Play#1 output Play#1 1 Sweep... Play#1 output Play#1 1 Sweep... Play#1 output Play#1 1 ms minesweeper (#129) stopped at 10,-2 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 591 Play#1 input navi 135/130/131/136/137/138/139 Play#1 command navigate @@ -707,7 +689,6 @@ Play#1 output Play#1 1 pt patrol boat (#137) stopped at 11,-5 Play#1 output Play#1 1 pt patrol boat (#138) stopped at 11,-5 Play#1 output Play#1 1 pt patrol boat (#139) stopped at 11,-5 - Play#1 output Play#1 1 Path taken: j Play#1 output Play#1 6 0 590 Play#1 input ctld Play#1 output Play#1 1 Bye-bye diff --git a/tests/retreat/journal.log b/tests/retreat/journal.log index 878f9f39..98151823 100644 --- a/tests/retreat/journal.log +++ b/tests/retreat/journal.log @@ -278,7 +278,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is dd destroyer (#5) Play#1 output Play#1 1 dd destroyer (#5) stopped at -5,-1 - Play#1 output Play#1 1 Path taken: gyu Play#1 output Play#1 6 0 610 Play#1 input fire sh 5 53 Play#1 command fire 
@@ -731,13 +730,11 @@ Play#1 output Play#1 1 . . . . Play#1 output Play#1 1 Play#1 output Play#1 1 dd destroyer (#5) stopped at -6,0 - Play#1 output Play#1 1 Path taken: b Play#1 output Play#1 6 0 573 Play#1 input navi 5 nh Play#1 command navigate Play#1 output Play#1 1 Flagship is dd destroyer (#5) Play#1 output Play#1 1 dd destroyer (#5) stopped at -5,1 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 572 Play#1 input board 130 5 Play#1 command board diff --git a/tests/smoke/journal.log b/tests/smoke/journal.log index ca82bd8a..379a9603 100644 --- a/tests/smoke/journal.log +++ b/tests/smoke/journal.log @@ -4186,7 +4186,6 @@ Play#1 output Play#1 4 <59.3:59.3: 9,-1> Play#1 input h Play#1 output Play#1 1 frg frigate (#0) stopped at 9,-1 - Play#1 output Play#1 1 Path taken: jj Play#1 output Play#1 6 0 547 Play#1 input assault 11,-1 0 Play#1 command assault @@ -5083,7 +5082,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is frg frigate (#0) Play#1 output Play#1 1 frg frigate (#0) stopped at 13,1 - Play#1 output Play#1 1 Path taken: njn Play#1 output Play#1 6 0 518 Play#1 input look 0 Play#1 command lookout @@ -10786,7 +10784,6 @@ Play#1 command navigate Play#1 output Play#1 1 Flagship is cs cargo ship (#2) Play#1 output Play#1 1 cs cargo ship (#2) stopped at 6,0 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 608 Play#1 input scrap l 1 Play#1 command scrap @@ -14497,13 +14494,13 @@ Play#1 input nav 3 6,0 Play#1 command navigate Play#1 output Play#1 1 Flagship is od oil derrick (#3) + Play#1 output Play#1 1 Using path 'n' Play#1 output Play#1 1 h = Play#1 output Play#1 1 k . . Play#1 output Play#1 1 j d Play#1 output Play#1 4 <67.2:67.2: 6,0> Play#1 input h Play#1 output Play#1 1 od oil derrick (#3) stopped at 6,0 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 633 Play#1 input nav 3 vh Play#1 command navigate 
@@ -14524,7 +14521,6 @@ Play#1 output Play#1 1 Flagship is ft fishing trawler (#4) Play#1 output Play#1 1 [fert:84] ft fishing trawler (#4) @ 6,0 0% sea Play#1 output Play#1 1 ft fishing trawler (#4) stopped at 6,0 - Play#1 output Play#1 1 Path taken: n Play#1 output Play#1 6 0 629 Play#1 input order 4 des 5,-1 6,0 Play#1 command order