Tweet
remove_object_curse() (effect.c:759) frees the curse and sends a message about it:
But the argument "name" comes from this curse (effect.c:800)
And gets freed with the rest of the curse (obj-curse.c:127).
The curse ultimately comes from the curse menu in ui-curse.c
I propose to free the curse after the message is sent, and perhaps remove the argument "name" to remove_object_curse().
Code:
static void remove_object_curse(struct object *obj, char *name, bool message)
{
struct curse *c = obj->curses;
if (streq(c->name, name)) {
obj->curses = c->next;
c->next = NULL;
free_curse(c, true);
if (message) {
msg("The %s curse is removed!", name);
}
return;
}
Code:
remove_object_curse(obj, curse->name, true);
The curse ultimately comes from the curse menu in ui-curse.c
Code:
for (curse = obj->curses; curse; curse = curse->next) {
available[count++] = curse;
...
menu_setpriv(m, count, available);
...
menu_select(...)