Bad memory read

  • jbu
    Rookie
    • Jul 2010
    • 9

    Bad memory read

    fwiw I just found a bad memory read in spells2.c

    Code:
    void map_area(void)
    {
    	int i, x, y;
    	int x1, x2, y1, y2;
    
    	/* Pick an area to map */
    	y1 = p_ptr->py - DETECT_DIST_Y;
    	y2 = p_ptr->py + DETECT_DIST_Y;
    	x1 = p_ptr->px - DETECT_DIST_X;
    	x2 = p_ptr->px + DETECT_DIST_X;
    
    	if (y1 < 0) y1 = 0;
    	if (x1 < 0) x1 = 0;
    
    	/* Scan the dungeon */
    	for (y = y1; y < y2; y++)
    	{
    		for (x = x1; x < x2; x++)
    		{
    			/* All non-walls are "checked" */
    			if (cave_feat[y][x] < FEAT_SECRET)
    			{
    				if (!in_bounds_fully(y, x)) continue;
    				//stuff
    			}
    		}
    	}
    }

    Now, there is no check on the outer bounds for x2 and y2 and they might (will) exceed the borders of cave_feat. The in_bounds_fully() check is done after the read. A fix is to move that check to the start of the loop or just restrict the loop upper bounds.

    Cheers
  • ajps
    Apprentice
    • May 2007
    • 50

    #2
    Originally posted by jbu
    Now, there is no check on the outer bounds for x2 and y2 and they might (will) exceed the borders of cave_feat. The in_bounds_fully() check is done after the read. A fix is to move that check to the start of the loop or just restrict the loop upper bounds.
    I've done the latter of those in r2039 (untested code, but it's not that complicated). Thanks for reporting!
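
The upper-bound clamp discussed in this thread, as an added example that is not part of either post or of the game's source. The grid-size macros `MAP_HGT` and `MAP_WID` and the two `DETECT_DIST` values are assumed for illustration. It counts, by arithmetic only, how many cells the lower-clamp-only loop would index outside the grid, then scans with both ends clamped.

```c
#include <stdio.h>

/* Assumed sizes for this sketch; the real values live in the game's headers. */
#define MAP_HGT 66
#define MAP_WID 198
#define DETECT_DIST_Y 22
#define DETECT_DIST_X 40
static unsigned char cave_feat[MAP_HGT][MAP_WID]; /* stand-in grid */

/* Clamp the half-open range [c - dist, c + dist) to [0, limit). */
static void clamp_range(int c, int dist, int limit, int *lo, int *hi)
{
    *lo = c - dist;
    *hi = c + dist;
    if (*lo < 0) *lo = 0;
    if (*hi > limit) *hi = limit;
}

/* Cells the loop from the post would index outside the grid; nothing is read. */
static long unclamped_oob_cells(int py, int px)
{
    int y1 = py - DETECT_DIST_Y, y2 = py + DETECT_DIST_Y;
    int x1 = px - DETECT_DIST_X, x2 = px + DETECT_DIST_X;
    long oob = 0;
    if (y1 < 0) y1 = 0;
    if (x1 < 0) x1 = 0;
    for (int y = y1; y < y2; y++)
        for (int x = x1; x < x2; x++)
            if (y >= MAP_HGT || x >= MAP_WID) oob++;
    return oob;
}

/* Scan with both ends clamped; returns the number of cells read. */
static long clamped_scan(int py, int px)
{
    int y1, y2, x1, x2;
    long cells = 0;
    clamp_range(py, DETECT_DIST_Y, MAP_HGT, &y1, &y2);
    clamp_range(px, DETECT_DIST_X, MAP_WID, &x1, &x2);
    for (int y = y1; y < y2; y++)
        for (int x = x1; x < x2; x++, cells++)
            (void)cave_feat[y][x]; /* index is always in range here */
    return cells;
}

int main(void)
{
    printf("oob=%ld read=%ld\n", unclamped_oob_cells(60, 190), clamped_scan(60, 190));
}
```

Building the unclamped variant with `-fsanitize=address` (GCC or Clang) is a quick way to confirm reads like this at runtime.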
