navigate: Fix buffer overrun for impossibly long paths taken

When a player moves more than 1023 sectors in a single navigate command, we overrun the buffer holding the path taken. Remote hole, but it requires a ship that can go that far, and even a ship with speed 1000 would need a tech level well in excess of 1000 for that. Thus, the hole is purely theoretical for even remotely sane game configurations. First known version with the flaw is 4.0.0. Fix by going back the older behavior: don't print the total path taken, but do print what the path finder does. Context diff of an example: [0:634] Command : nav 3 6,0 Flagship is od oil derrick (#3) +Using path 'n' h = k . . j d <67.2:67.2: 6,0> h od oil derrick (#3) stopped at 6,0 -Path taken: n This is how march works. Removes the only use of shp_nav_one_sector()'s unusual return value 2. Return 1 instead. Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
2014-12-22 15:29:17 +01:00 · 2014-12-22 15:29:17 +01:00 · a4e519c377
commit a4e519c377
parent 56ac486cc8
7 changed files with 9 additions and 60 deletions
--- a/src/lib/commands/navi.c
+++ b/src/lib/commands/navi.c
@ -29,7 +29,7 @@
 *  Known contributors to this file:
 *     Ken Stevens, 1995 (rewritten)
 *     Ron Koenderink, 2006-2007
- *     Markus Armbruster, 2006-2011
+ *     Markus Armbruster, 2006-2014
 */

 #include <config.h>
@ -76,8 +76,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
    int skip = 0;
    char buf[1024];
    char prompt[128];
-    char pathtaken[1024];  /* Doubtful we'll have a path longer than this */
-    char *pt = pathtaken;
    char bmap_flag;
    int ac;
    int type;
@ -94,7 +92,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
 	cp = unit_path(*together, leader, buf, sizeof(buf));
    }

-    *pt = '\0';
    while (!QEMPTY(ulist)) {
 	char dp[80];

@ -106,10 +103,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
 		lnd_mar(ulist, minmob, maxmob, together, player->cnum);
 	    if (QEMPTY(ulist)) {
 		pr("No %s left\n", type == EF_SHIP ? "ships" : "lands");
-		if (type == EF_SHIP && strlen(pathtaken) > 1) {
-		    pathtaken[strlen(pathtaken) - 1] = '\0';
-		    pr("Path taken: %s\n", pathtaken);
-		}
 		return RET_OK;
 	    }
 	    leader = get_leader(ulist);
@ -137,10 +130,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
 		lnd_mar(ulist, minmob, maxmob, together, player->cnum);
 	    if (QEMPTY(ulist)) {
 		pr("No %s left\n", type == EF_SHIP ? "ships" : "lands");
-		if (type == EF_SHIP && strlen(pathtaken) > 1) {
-		    pathtaken[strlen(pathtaken) - 1] = '\0';
-		    pr("Path taken: %s\n", pathtaken);
-		}
 		return RET_OK;
 	    }
 	    leader = get_leader(ulist);
@ -161,14 +150,10 @@ do_unit_move(struct emp_qelem *ulist, int *together,
 	    cp = &dirch[DIR_STOP];
 	dir = chkdir(*cp, DIR_STOP, DIR_LAST);
 	if (dir >= 0) {
-	    if (type == EF_SHIP) {
+	    if (type == EF_SHIP)
 		stopping |= shp_nav_one_sector(ulist, dir,
 					       player->cnum, *together);
-		if (stopping != 2) {
-		    *pt++ = dirch[dir];
-		    *pt = '\0';
-		}
-	    } else
+	    else
 		stopping |=
 		    lnd_mar_one_sector(ulist, dir, player->cnum,
 				       *together);
@ -262,10 +247,6 @@ do_unit_move(struct emp_qelem *ulist, int *together,
 	pr("`d' to drop mines, and `m' to minesweep\n");
 	stopping = 1;
    }
-    if (type == EF_SHIP && strlen(pathtaken) > 1) {
-	pathtaken[strlen(pathtaken) - 1] = '\0';
-	pr("Path taken: %s\n", pathtaken);
-    }
    return RET_OK;
 }

--- a/src/lib/subs/shpsub.c
+++ b/src/lib/subs/shpsub.c
@ -806,7 +806,7 @@ shp_nav_one_sector(struct emp_qelem *list, int dir, natid actor,
 		sprintf(dp, "can't go to %s", xyas(newx, newy, actor));
 	    if (together) {
 		mpr(actor, "%s\n", dp);
-		return 2;
+		return 1;
 	    } else {
 		shp_stays(actor, dp, mlp);
 		continue;
--- a/src/lib/subs/unitsub.c
+++ b/src/lib/subs/unitsub.c
@ -173,8 +173,7 @@ unit_path(int together, struct empobj *unit, char *buf, size_t bufsz)
 	   xyas(destx, desty, player->cnum));
 	return NULL;
    }
-    if (unit->ef_type == EF_LAND)
-	pr("Using path '%s'\n", buf);
+    pr("Using path '%s'\n", buf);
    return buf;
 }

--- a/tests/fire/journal.log
+++ b/tests/fire/journal.log
@ -635,7 +635,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is bb   battleship (#3)
    Play#1 output Play#1 1 bb   battleship (#3) stopped at 5,1
-    Play#1 output Play#1 1 Path taken: j
    Play#1 output Play#1 6 0 565
    Play#1 input fire sh 3 0,2
    Play#1 command fire
@ -648,7 +647,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is bb   battleship (#3)
    Play#1 output Play#1 1 bb   battleship (#3) stopped at 3,1
-    Play#1 output Play#1 1 Path taken: g
    Play#1 output Play#1 6 0 563
    Play#1 input load s 3 2
    Play#1 command load
@ -659,7 +657,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is bb   battleship (#3)
    Play#1 output Play#1 1 bb   battleship (#3) stopped at 5,1
-    Play#1 output Play#1 1 Path taken: j
    Play#1 output Play#1 6 0 561
    Play#1 input fire sh 3 0,2
    Play#1 command fire
@ -672,7 +669,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is bb   battleship (#3)
    Play#1 output Play#1 1 bb   battleship (#3) stopped at 3,1
-    Play#1 output Play#1 1 Path taken: g
    Play#1 output Play#1 6 0 559
    Play#1 input load s 3 169
    Play#1 command load
@ -768,7 +764,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is dd   destroyer (#5)
    Play#1 output Play#1 1 dd   destroyer (#5) stopped at 10,0
-    Play#1 output Play#1 1 Path taken: j
    Play#1 output Play#1 6 0 544
    Play#1 input fire sh 5 24
    Play#1 command fire
--- a/tests/navi-march/journal.log
+++ b/tests/navi-march/journal.log
@ -73,13 +73,11 @@
    Play#1 output Play#1 4 <127.0:127.0: 0,0>
    Play#1 input yh
    Play#1 output Play#1 1 pt   patrol boat (#10) stopped at -1,-1
-    Play#1 output Play#1 1 Path taken: y
    Play#1 output Play#1 6 0 637
    Play#1 input navi 20 yh
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#20)
    Play#1 output Play#1 1 pt   patrol boat (#20) stopped at 0,0
-    Play#1 output Play#1 1 Path taken: y
    Play#1 output Play#1 6 0 636
    Play#1 input navi 21 h
    Play#1 command navigate
@ -91,7 +89,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#22)
    Play#1 output Play#1 1 pt   patrol boat (#22) stopped at 3,-1
-    Play#1 output Play#1 1 Path taken: u
    Play#1 output Play#1 6 0 634
    Play#1 input navi 23 h
    Play#1 command navigate
@ -104,7 +101,6 @@
    Play#1 output Play#1 1 cs   cargo ship (#26) is landlocked & stays in 2,2
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#24)
    Play#1 output Play#1 1 pt   patrol boat (#24) stopped at 1,1
-    Play#1 output Play#1 1 Path taken: y
    Play#1 output Play#1 6 0 632
    Play#1 input navi 25 h
    Play#1 command navigate
@ -133,7 +129,6 @@
    Play#1 output Play#1 1 shp#     ship type       x,y   fl  eff mil  sh gun pn he xl ln mob tech
    Play#1 output Play#1 1   30 pt   patrol boat   11,-5     100%   2   0   0  0  0  0  0 117  40
    Play#1 output Play#1 1 pt   patrol boat (#30) stopped at 10,-6
-    Play#1 output Play#1 1 Path taken: jy
    Play#1 output Play#1 6 0 629
    Play#1 input navi 32/33/34/35/36/37/38/39 jiyh
    Play#1 command navigate
@ -169,13 +164,11 @@
    Play#1 output Play#1 1 pt   patrol boat (#37) stopped at 10,-6
    Play#1 output Play#1 1 pt   patrol boat (#38) stopped at 10,-6
    Play#1 output Play#1 1 pt   patrol boat (#39) stopped at 10,-6
-    Play#1 output Play#1 1 Path taken: jy
    Play#1 output Play#1 6 0 628
    Play#1 input navi 50 nh
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#50)
    Play#1 output Play#1 1 pt   patrol boat (#50) stopped at 1,1
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 627
    Play#1 input navi 51 bX
    Play#1 command navigate
@ -192,7 +185,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#52)
    Play#1 output Play#1 1 pt   patrol boat (#52) stopped at 2,0
-    Play#1 output Play#1 1 Path taken: g
    Play#1 output Play#1 6 0 625
    Play#1 input navi 53 jX
    Play#1 command navigate
@ -219,7 +211,6 @@
    Play#1 output Play#1 1   55 cs   cargo ship     1,1      100%   5   0   0  0  0  0  0 127  20
    Play#1 output Play#1 1 pt   patrol boat (#54) stopped at 0,0
    Play#1 output Play#1 1 cs   cargo ship (#55) stopped at -1,-1
-    Play#1 output Play#1 1 Path taken: yy
    Play#1 output Play#1 6 0 623
    Play#1 input navi 57/56 n
    Play#1 command navigate
@ -235,7 +226,6 @@
    Play#1 output Play#1 1   56 pt   patrol boat    1,1      100%   2   0   0  0  0  0  0 127  40
    Play#1 output Play#1 1 cs   cargo ship (#57) stopped at -1,-1
    Play#1 output Play#1 1 pt   patrol boat (#56) stopped at -1,-1
-    Play#1 output Play#1 1 Path taken: yy
    Play#1 output Play#1 6 0 622
    Play#1 input navi 58/59 nX
    Play#1 command navigate
@ -275,13 +265,11 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#62)
    Play#1 output Play#1 1 pt   patrol boat (#62) stopped at -13,1
-    Play#1 output Play#1 1 Path taken: b
    Play#1 output Play#1 6 0 618
    Play#1 input navi 63 bh
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#63)
    Play#1 output Play#1 1 pt   patrol boat (#63) stopped at -5,1
-    Play#1 output Play#1 1 Path taken: b
    Play#1 output Play#1 6 0 617
    Play#1 input navi 64 bX
    Play#1 command navigate
@ -309,13 +297,11 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#70)
    Play#1 output Play#1 1 pt   patrol boat (#70) stopped at -14,0
-    Play#1 output Play#1 1 Path taken: g
    Play#1 output Play#1 6 0 614
    Play#1 input navi 71 gh
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#71)
    Play#1 output Play#1 1 pt   patrol boat (#71) stopped at -6,0
-    Play#1 output Play#1 1 Path taken: g
    Play#1 output Play#1 6 0 613
    Play#1 input navi 72 gX
    Play#1 command navigate
@ -347,16 +333,17 @@
    Play#1 input h
    Play#1 output Play#1 1 cs   cargo ship (#80) stopped at -4,-4
    Play#1 output Play#1 1 cs   cargo ship (#81) stopped at -4,-4
-    Play#1 output Play#1 1 Path taken: yyyy
    Play#1 output Play#1 6 0 611
    Play#1 input navi 90 -3,-3
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#90)
+    Play#1 output Play#1 1 Using path 'yyy'
    Play#1 output Play#1 1  . .
    Play#1 output Play#1 1 . . .
    Play#1 output Play#1 1  . .
    Play#1 output Play#1 4 <99.4:99.4: -3,-3>
    Play#1 input 0,-4
+    Play#1 output Play#1 1 Using path 'uj'
    Play#1 output Play#1 1  . .
    Play#1 output Play#1 1 . . .
    Play#1 output Play#1 1  . i
@ -364,7 +351,6 @@
    Play#1 input 1,-1
    Play#1 output Play#1 1 Can't get to '1,-1' right now.
    Play#1 output Play#1 1 pt   patrol boat (#90) stopped at 0,-4
-    Play#1 output Play#1 1 Path taken: yyyuj
    Play#1 output Play#1 6 0 610
    Play#1 input navi 90 1,-1
    Play#1 command navigate
@ -380,13 +366,13 @@
    Play#1 input navi 91 -3,1
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is pt   patrol boat (#91)
+    Play#1 output Play#1 1 Using path 'gb'
    Play#1 output Play#1 1  . .
    Play#1 output Play#1 1 h h h
    Play#1 output Play#1 1  c c
    Play#1 output Play#1 4 <108.6:108.6: -3,1>
    Play#1 input h
    Play#1 output Play#1 1 pt   patrol boat (#91) stopped at -3,1
-    Play#1 output Play#1 1 Path taken: gb
    Play#1 output Play#1 6 0 608
    Play#1 input navi 92 2,2
    Play#1 command navigate
@ -544,7 +530,6 @@
    Play#1 output Play#1 1 ft   fishing trawler (#101) stopped at 3,-1
    Play#1 output Play#1 1 dd   destroyer (#100) stopped at 3,-1
    Play#1 output Play#1 1 oe   oil exploration boat (#102) stopped at 3,-1
-    Play#1 output Play#1 1 Path taken: ygg
    Play#1 output Play#1 6 0 599
    Play#1 input navi 110/111 d
    Play#1 command navigate
@ -561,7 +546,6 @@
    Play#1 input h
    Play#1 output Play#1 1 ms   minesweeper (#110) stopped at 10,-2
    Play#1 output Play#1 1 ms   minesweeper (#111) stopped at 10,-2
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 595
    Play#1 input navi 0/1 mh
    Play#1 command navigate
@ -603,7 +587,6 @@
    Play#1 output Play#1 1 ms   minesweeper (#128) is out of mobility & stays in 11,-3
    Play#1 output Play#1 1 ms   minesweeper (#121) stopped at 13,-3
    Play#1 output Play#1 1 ms   minesweeper (#122) stopped at 13,-3
-    Play#1 output Play#1 1 Path taken: jj
    Play#1 output Play#1 6 0 592
    Play#1 input __cmd added -1 0 0
    Play#1 command __cmd
@ -618,7 +601,6 @@
    Play#1 output Play#1 1 Sweep...
    Play#1 output Play#1 1 Sweep...
    Play#1 output Play#1 1 ms   minesweeper (#129) stopped at 10,-2
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 591
    Play#1 input navi 135/130/131/136/137/138/139
    Play#1 command navigate
@ -707,7 +689,6 @@
    Play#1 output Play#1 1 pt   patrol boat (#137) stopped at 11,-5
    Play#1 output Play#1 1 pt   patrol boat (#138) stopped at 11,-5
    Play#1 output Play#1 1 pt   patrol boat (#139) stopped at 11,-5
-    Play#1 output Play#1 1 Path taken: j
    Play#1 output Play#1 6 0 590
    Play#1 input ctld
    Play#1 output Play#1 1 Bye-bye
--- a/tests/retreat/journal.log
+++ b/tests/retreat/journal.log
@ -278,7 +278,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is dd   destroyer (#5)
    Play#1 output Play#1 1 dd   destroyer (#5) stopped at -5,-1
-    Play#1 output Play#1 1 Path taken: gyu
    Play#1 output Play#1 6 0 610
    Play#1 input fire sh 5 53
    Play#1 command fire
@ -731,13 +730,11 @@
    Play#1 output Play#1 1    . . . .
    Play#1 output Play#1 1
    Play#1 output Play#1 1 dd   destroyer (#5) stopped at -6,0
-    Play#1 output Play#1 1 Path taken: b
    Play#1 output Play#1 6 0 573
    Play#1 input navi 5 nh
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is dd   destroyer (#5)
    Play#1 output Play#1 1 dd   destroyer (#5) stopped at -5,1
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 572
    Play#1 input board 130 5
    Play#1 command board
--- a/tests/smoke/journal.log
+++ b/tests/smoke/journal.log
@ -4186,7 +4186,6 @@
    Play#1 output Play#1 4 <59.3:59.3: 9,-1>
    Play#1 input h
    Play#1 output Play#1 1 frg  frigate (#0) stopped at 9,-1
-    Play#1 output Play#1 1 Path taken: jj
    Play#1 output Play#1 6 0 547
    Play#1 input assault 11,-1 0
    Play#1 command assault
@ -5083,7 +5082,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is frg  frigate (#0)
    Play#1 output Play#1 1 frg  frigate (#0) stopped at 13,1
-    Play#1 output Play#1 1 Path taken: njn
    Play#1 output Play#1 6 0 518
    Play#1 input look 0
    Play#1 command lookout
@ -10786,7 +10784,6 @@
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is cs   cargo ship (#2)
    Play#1 output Play#1 1 cs   cargo ship (#2) stopped at 6,0
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 608
    Play#1 input scrap l 1
    Play#1 command scrap
@ -14497,13 +14494,13 @@
    Play#1 input nav 3 6,0
    Play#1 command navigate
    Play#1 output Play#1 1 Flagship is od   oil derrick (#3)
+    Play#1 output Play#1 1 Using path 'n'
    Play#1 output Play#1 1  h =
    Play#1 output Play#1 1 k . .
    Play#1 output Play#1 1  j d
    Play#1 output Play#1 4 <67.2:67.2: 6,0>
    Play#1 input h
    Play#1 output Play#1 1 od   oil derrick (#3) stopped at 6,0
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 633
    Play#1 input nav 3 vh
    Play#1 command navigate
@ -14524,7 +14521,6 @@
    Play#1 output Play#1 1 Flagship is ft   fishing trawler (#4)
    Play#1 output Play#1 1 [fert:84] ft   fishing trawler (#4) @ 6,0 0% sea
    Play#1 output Play#1 1 ft   fishing trawler (#4) stopped at 6,0
-    Play#1 output Play#1 1 Path taken: n
    Play#1 output Play#1 6 0 629
    Play#1 input order 4 des 5,-1 6,0
    Play#1 command order