I sent this over the weekend but didn't see it appear, so I'm re-sending. Sorry if this reaches anyone twice...

I've found a somewhat serious bug that is still present in bpl12. I suspect this bug is responsible for the previously mysterious "when I create a new mob I crash" bug.

This bug is potentially causing a buffer underflow when writing to the mob_index array in assign_the_shopkeepers(). The function performs:

    mob_index[SHOP_KEEPER(index)].func = shop_keeper;

to assign the shop_keeper specproc. However, there is no sanity check to make sure SHOP_KEEPER(index) is a valid index and, in fact, when using OasisOLC to make shops, it is possible for this macro to return -1, having us write _below_ the mob_index pointer.

Now, a common malloc() technique, to allow free() to work, is to store the size of the buffer just below the "beginning" of the buffer. I don't know if gnu's malloc() does this or not, but certainly when the mob_index buffer is underflowed, trying to free(mob_index) causes problems.

The fix is simple - just conditionalize on SHOP_KEEPER(index) >= 0 and, if that condition is false, log a SYSERR. In eQuoria, I also made "show errors" display keeperless shops, to more easily keep tabs on this.

Mark A. Heilpern
---
Sammy @ eQuoria MUD
equoria.com:4000

+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ:  |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
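The check described in the post, written out as a self-contained C example. This is an added illustration, not the poster's patch or CircleMUD's shop.c: the `index_data` and `shop_data` structs, the `SHOP_KEEPER` macro, the `shop_keeper` specproc and the three-shop/three-mob world tables are constructed stand-ins for the real headers, and the shop with keeper -1 is constructed to reproduce a keeperless OasisOLC shop. The post only asks for `SHOP_KEEPER(index) >= 0`; the example additionally rejects an rnum past the top of the mob table, since an index beyond the end of the array corrupts memory just as surely as one below it.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for the CircleMUD structures (assumptions, not the
 * real headers): a mob prototype entry with a special-procedure pointer,
 * and a shop record that stores its keeper as an rnum (real index into
 * mob_index), or -1 when the shop has no keeper. */
typedef int (*SPECIAL_FN)(void);

struct index_data {
    int vnum;
    SPECIAL_FN func;
};

struct shop_data {
    int vnum;
    int keeper;   /* rnum of the keeper mob, or -1 for a keeperless shop */
};

/* Constructed world tables: three mob prototypes and three shops. */
#define NUM_MOBS 3
static struct index_data mob_index[NUM_MOBS] = {
    { 3000, NULL }, { 3001, NULL }, { 3002, NULL }
};
static int top_of_mobt = NUM_MOBS - 1;

static struct shop_data shop_index[] = {
    { 3000,  0 },   /* keeper is mob_index[0] */
    { 3001, -1 },   /* keeperless shop, as OasisOLC can leave it */
    { 3002,  2 }    /* keeper is mob_index[2] */
};
static int top_shop = 2;

#define SHOP_KEEPER(i) (shop_index[(i)].keeper)

/* Stand-in for the shop_keeper specproc; the body is irrelevant here. */
static int shop_keeper(void) { return 1; }

/* Validates a keeper rnum before it is used as an array index.
 * rnum < 0 is the underflow the post describes; rnum > top_of_mobt is the
 * matching overflow, an added check beyond the post's fix. */
int keeper_rnum_is_valid(int rnum)
{
    return rnum >= 0 && rnum <= top_of_mobt;
}

/* Hardened assign_the_shopkeepers(): the original loop with the sanity
 * check inserted. Invalid keepers are logged as SYSERR and skipped instead
 * of being written to mob_index[-1]. Returns the number of shops whose
 * keeper was assigned, so the result can be checked. */
int assign_the_shopkeepers_checked(void)
{
    int index, assigned = 0;

    for (index = 0; index <= top_shop; index++) {
        int rnum = SHOP_KEEPER(index);

        if (!keeper_rnum_is_valid(rnum)) {
            fprintf(stderr, "SYSERR: shop #%d has no valid keeper (rnum %d), "
                            "skipping specproc assignment\n",
                    shop_index[index].vnum, rnum);
            continue;
        }
        mob_index[rnum].func = shop_keeper;
        assigned++;
    }
    return assigned;
}

/* Counts mob prototypes that ended up with the shop_keeper specproc. */
int count_shopkeeper_mobs(void)
{
    int i, n = 0;

    for (i = 0; i <= top_of_mobt; i++)
        if (mob_index[i].func == shop_keeper)
            n++;
    return n;
}

int main(void)
{
    int assigned = assign_the_shopkeepers_checked();

    printf("assigned %d of %d shops; %d mobs carry shop_keeper\n",
           assigned, top_shop + 1, count_shopkeeper_mobs());
    return 0;
}
```

Run stand-alone, the program assigns two of the three shops and logs one SYSERR for shop #3001, which is the line a "show errors" command of the kind the post mentions would want to surface.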
This archive was generated by hypermail 2b30 : 12/15/00 PST