empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix use of invalid pointer when depleting resource "none"

Browse source 
prod() and produce() dereferenced resource uninitialized for products
depleting resource "none" (p_nrdep != 0 && p_nrndx == 0).  The latter
even wrote to it.

Depleting "none" makes no sense, and the depletion is now ignored.
Before, it could conceivably crash the server or corrupt the game.
This commit is contained in:
Markus Armbruster 2009-09-07 15:18:17 -04:00
parent c0b2eec69d
commit c63ec06d15
2 changed files with 15 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/lib/commands/prod.c
View file

@ -211,14 +211,17 @@ prod(void)
unit_work = 0; unit_work = 0;
pp = &pchr[dchr[type].d_prd]; pp = &pchr[dchr[type].d_prd];
vtype = pp->p_type; vtype = pp->p_type;
if (pp->p_nrndx)
resource = (unsigned char *)&sect + pp->p_nrndx;
else
resource = NULL;
natp = getnatp(sect.sct_own); natp = getnatp(sect.sct_own);
/* /*
* sect p_e (inc improvements) * sect p_e (inc improvements)
*/ */
if (pp->p_nrndx != 0) { if (resource) {
unit_work++; unit_work++;
resource = (unsigned char *)&sect + pp->p_nrndx; p_e *= *resource / 100.0;
p_e = (*resource * p_e) / 100.0;
} }
/* /*
* production effic. * production effic.
@ -244,7 +247,7 @@ prod(void)
* workforce? * workforce?
*/ */
max = (int)(work * p_e / (double)unit_work + 0.5); max = (int)(work * p_e / (double)unit_work + 0.5);
if (pp->p_nrdep != 0 && vtype != I_NONE) { if (resource && pp->p_nrdep != 0 && vtype != I_NONE) {
if (*resource * 100 < pp->p_nrdep * max) if (*resource * 100 < pp->p_nrdep * max)
max = *resource * 100 / pp->p_nrdep; max = *resource * 100 / pp->p_nrdep;
} }

13
src/lib/update/produce.c
View file

@ -66,6 +66,10 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
return 0; return 0;
product = &pchr[dchr[desig].d_prd]; product = &pchr[dchr[desig].d_prd];
item = product->p_type; item = product->p_type;
if (product->p_nrndx)
resource = (unsigned char *)sp + product->p_nrndx;
else
resource = NULL;
*amount = 0; *amount = 0;
*cost = 0; *cost = 0;
@ -75,10 +79,9 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
* calculate production efficiency. * calculate production efficiency.
*/ */
p_e = neweff / 100.0; p_e = neweff / 100.0;
if (product->p_nrndx != 0) { if (resource) {
unit_work++; unit_work++;
resource = (unsigned char *)sp + product->p_nrndx; p_e *= *resource / 100.0;
p_e = (*resource * p_e) / 100.0;
} }
/* /*
* determine number that can be made with * determine number that can be made with
@ -90,7 +93,7 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
worker_limit = roundavg(work * p_e / unit_work); worker_limit = roundavg(work * p_e / unit_work);
if (material_consume > worker_limit) if (material_consume > worker_limit)
material_consume = worker_limit; material_consume = worker_limit;
if (product->p_nrdep != 0) { if (resource && product->p_nrdep != 0) {
if (*resource * 100 < product->p_nrdep * material_consume) if (*resource * 100 < product->p_nrdep * material_consume)
material_consume = *resource * 100 / product->p_nrdep; material_consume = *resource * 100 / product->p_nrdep;
} }
@ -140,7 +143,7 @@ produce(struct natstr *np, struct sctstr *sp, short *vec, int work,
*/ */
if (!player->simulation) { if (!player->simulation) {
materials_charge(product, vec, material_consume); materials_charge(product, vec, material_consume);
if (product->p_nrdep != 0) { if (resource && product->p_nrdep != 0) {
/* /*
* lower natural resource in sector depending on * lower natural resource in sector depending on
* amount produced * amount produced