Angband Forums


jbu August 13, 2010 22:10

Bad memory read
 
fwiw I just found a bad memory read in spells2.c

Code:

void map_area(void)
{
        int i, x, y;
        int x1, x2, y1, y2;

        /* Pick an area to map */
        y1 = p_ptr->py - DETECT_DIST_Y;
        y2 = p_ptr->py + DETECT_DIST_Y;
        x1 = p_ptr->px - DETECT_DIST_X;
        x2 = p_ptr->px + DETECT_DIST_X;

        if (y1 < 0) y1 = 0;
        if (x1 < 0) x1 = 0;

        /* Scan the dungeon */
        for (y = y1; y < y2; y++)
        {
                for (x = x1; x < x2; x++)
                {
                        /* All non-walls are "checked" */
                        if (cave_feat[y][x] < FEAT_SECRET)
                        {
                                if (!in_bounds_fully(y, x)) continue;
                                //stuff

Now, there is no check on the outer bounds for x2 and y2 and they might (will) exceed the borders of cave_feat. The in_bounds_fully() check is done after the read. A fix is to move that check to the start of the loop or just restrict the loop upper bounds.

Cheers

ajps August 14, 2010 14:57

Quote:

Originally Posted by jbu (Post 38848)
Now, there is no check on the outer bounds for x2 and y2 and they might (will) exceed the borders of cave_feat. The in_bounds_fully() check is done after the read. A fix is to move that check to the start of the loop or just restrict the loop upper bounds.

I've done the latter of those in r2039 (untested code, but it's not that complicated). Thanks for reporting!
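An added example, not code from the thread or from the Angband source: it counts how many `cave_feat[y][x]` reads the posted loop would issue with an index past the array, then applies both fixes suggested above (clamped upper bounds, and `in_bounds_fully()` tested before the read). The grid size, detect distances, `FEAT_SECRET` value, the body of `in_bounds_fully()` and the names `count_oob_reads` and `map_area_checked` are assumptions made for this sketch.

```c
#include <stdio.h>
/* Assumed stand-ins for the game's definitions; all values are constructed. */
#define DUNGEON_HGT   66
#define DUNGEON_WID   198
#define DETECT_DIST_Y 22
#define DETECT_DIST_X 40
#define FEAT_SECRET   0x30
static unsigned char cave_feat[DUNGEON_HGT][DUNGEON_WID]; /* all 0: open floor */

/* Stand-in for in_bounds_fully(): true for cells strictly inside the border. */
static int in_bounds_fully(int y, int x)
{
	return y > 0 && x > 0 && y < DUNGEON_HGT - 1 && x < DUNGEON_WID - 1;
}

/* Count reads the posted loop makes past the array (indices only, no read). */
int count_oob_reads(int py, int px)
{
	int y1 = py - DETECT_DIST_Y, y2 = py + DETECT_DIST_Y;
	int x1 = px - DETECT_DIST_X, x2 = px + DETECT_DIST_X;
	int x, y, oob = 0;
	if (y1 < 0) y1 = 0;
	if (x1 < 0) x1 = 0;
	for (y = y1; y < y2; y++)
		for (x = x1; x < x2; x++)
			if (y >= DUNGEON_HGT || x >= DUNGEON_WID) oob++;
	return oob;
}

/* Hardened scan: clamp upper bounds and check bounds before the array read. */
int map_area_checked(int py, int px)
{
	int y1 = py - DETECT_DIST_Y, y2 = py + DETECT_DIST_Y;
	int x1 = px - DETECT_DIST_X, x2 = px + DETECT_DIST_X;
	int x, y, seen = 0;
	if (y1 < 0) y1 = 0;
	if (x1 < 0) x1 = 0;
	if (y2 > DUNGEON_HGT) y2 = DUNGEON_HGT;
	if (x2 > DUNGEON_WID) x2 = DUNGEON_WID;
	for (y = y1; y < y2; y++)
		for (x = x1; x < x2; x++)
			if (in_bounds_fully(y, x) && cave_feat[y][x] < FEAT_SECRET) seen++;
	return seen;
}

int main(void)
{
	printf("oob=%d checked=%d\n", count_oob_reads(60, 190), map_area_checked(60, 190));
	return 0;
}
```

Building the unclamped loop with `-fsanitize=address` is a quick way to confirm this class of read when the player stands near the lower or right edge of the map.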

