navigate: Fix buffer overrun for impossibly long paths taken
When a player moves more than 1023 sectors in a single navigate
command, we overrun the buffer holding the path taken. Remote hole,
but it requires a ship that can go that far, and even a ship with
speed 1000 would need a tech level well in excess of 1000 for that.
Thus, the hole is purely theoretical for even remotely sane game
configurations.
First known version with the flaw is 4.0.0.
Fix by going back the older behavior: don't print the total path
taken, but do print what the path finder does. Context diff of an
example:
[0:634] Command : nav 3 6,0
Flagship is od oil derrick (#3)
+Using path 'n'
h =
k . .
j d
<67.2:67.2: 6,0> h
od oil derrick (#3) stopped at 6,0
-Path taken: n
This is how march works.
Removes the only use of shp_nav_one_sector()'s unusual return value 2.
Return 1 instead.
Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
This commit is contained in:
parent
56ac486cc8
commit
a4e519c377
7 changed files with 9 additions and 60 deletions
|
|
@ -29,7 +29,7 @@
|
|||
* Known contributors to this file:
|
||||
* Ken Stevens, 1995 (rewritten)
|
||||
* Ron Koenderink, 2006-2007
|
||||
* Markus Armbruster, 2006-2011
|
||||
* Markus Armbruster, 2006-2014
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
|
@ -76,8 +76,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
|
|||
int skip = 0;
|
||||
char buf[1024];
|
||||
char prompt[128];
|
||||
char pathtaken[1024]; /* Doubtful we'll have a path longer than this */
|
||||
char *pt = pathtaken;
|
||||
char bmap_flag;
|
||||
int ac;
|
||||
int type;
|
||||
|
|
@ -94,7 +92,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
|
|||
cp = unit_path(*together, leader, buf, sizeof(buf));
|
||||
}
|
||||
|
||||
*pt = '\0';
|
||||
while (!QEMPTY(ulist)) {
|
||||
char dp[80];
|
||||
|
||||
|
|
@ -106,10 +103,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
|
|||
lnd_mar(ulist, minmob, maxmob, together, player->cnum);
|
||||
if (QEMPTY(ulist)) {
|
||||
pr("No %s left\n", type == EF_SHIP ? "ships" : "lands");
|
||||
if (type == EF_SHIP && strlen(pathtaken) > 1) {
|
||||
pathtaken[strlen(pathtaken) - 1] = '\0';
|
||||
pr("Path taken: %s\n", pathtaken);
|
||||
}
|
||||
return RET_OK;
|
||||
}
|
||||
leader = get_leader(ulist);
|
||||
|
|
@ -137,10 +130,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
|
|||
lnd_mar(ulist, minmob, maxmob, together, player->cnum);
|
||||
if (QEMPTY(ulist)) {
|
||||
pr("No %s left\n", type == EF_SHIP ? "ships" : "lands");
|
||||
if (type == EF_SHIP && strlen(pathtaken) > 1) {
|
||||
pathtaken[strlen(pathtaken) - 1] = '\0';
|
||||
pr("Path taken: %s\n", pathtaken);
|
||||
}
|
||||
return RET_OK;
|
||||
}
|
||||
leader = get_leader(ulist);
|
||||
|
|
@ -161,14 +150,10 @@ do_unit_move(struct emp_qelem *ulist, int *together,
|
|||
cp = &dirch[DIR_STOP];
|
||||
dir = chkdir(*cp, DIR_STOP, DIR_LAST);
|
||||
if (dir >= 0) {
|
||||
if (type == EF_SHIP) {
|
||||
if (type == EF_SHIP)
|
||||
stopping |= shp_nav_one_sector(ulist, dir,
|
||||
player->cnum, *together);
|
||||
if (stopping != 2) {
|
||||
*pt++ = dirch[dir];
|
||||
*pt = '\0';
|
||||
}
|
||||
} else
|
||||
else
|
||||
stopping |=
|
||||
lnd_mar_one_sector(ulist, dir, player->cnum,
|
||||
*together);
|
||||
|
|
@ -262,10 +247,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
|
|||
pr("`d' to drop mines, and `m' to minesweep\n");
|
||||
stopping = 1;
|
||||
}
|
||||
if (type == EF_SHIP && strlen(pathtaken) > 1) {
|
||||
pathtaken[strlen(pathtaken) - 1] = '\0';
|
||||
pr("Path taken: %s\n", pathtaken);
|
||||
}
|
||||
return RET_OK;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue