-----Original Message-----
From: Peter Ajamian <peter@pajamian.dhs.org>
To: CIRCLE@POST.QUEENSU.CA <CIRCLE@POST.QUEENSU.CA>
Date: Tuesday, 8 August 2000 01:44
Subject: Re: [CIRCLE] [CODE] VisionMUD class_spells_index buffer overflows
<snip>
>> it
>> overflows or something and doesn't print anything else into the string,
>> can anyone help me out here?
>>
>Well, I'll look through and tell you what I can see...
>>
>> ---------------------------SNIP---------------------------------
>> void class_spells_index(int chclass, char *str)
> ^^^^^^^^^
>
>You're using a passed buffer to hold the output of this function. The
>problem could easily be outside of the function and have to do with the
>way the buffer is declared/allocated.
>
<snip>
>Hrmmm, the use of buf1 in this function could (possibly) be the problem
>if buf1 is already in use by the calling function. As a rule I only use
>the global buffers in ACMDs and a few other places where I'm sure I
>won't be stepping on another function's usage of them or vice-versa. To
>find out if this is the problem and fix it in the same step, simply
>declare buf1 as a local, which will isolate it from other functions, as
>follows...
>
>char buf1[MAX_STRING_LENGTH];
>
<snip>
I tried to declare buf1 as a local like you suggested (I had even tried that
yesterday I think but didn't think it was that), but it still overflows the
string somehow. When I debug it, it prints out the top rows (the header and
the ---- line) and starts on level 1, prints out about three items, and then
it goes down one line to print out the other spells/skills, and it truncates
it after like 3-10 chars and then it refuses to add anything further to the
string (built-in security check I presume).
I have also tried to do the sprintf's like you described, sprintf(str +
strlen(str), "", bla); which I also felt was a better way to do it since I
had some first-hand experience with the other way when I meddled with the
do_score some months ago, but I am glad you pointed out that it was the
correct way!
So, in the code, it is obviously somewhere around the for loop... I would,
without any programming knowledge, guess that it is sprintf(str +
strlen(str), "%s%-22s", buf1, spells[spellnum]); that does it; when it adds
buf1 to str it messes up somehow...
Here is the code again, with modifications:
----------------snip---------------------------------------
void class_spells_index(int chclass, char *str)
{
  char buf1[MAX_STRING_LENGTH];
  int i, spellnum, num;
  int n_spells, n_skills;

  *str = '\0';
  sprinttype(chclass, pc_class_types, buf1);
  sprintf(str, "Spells and Skills available for %s.\r\n", buf1);
  strcat(str, "-----------------------------------------------------------------------------\r\n");
  strcat(str, "Level Spell/Skill Name\r\n");
  n_spells = 0;
  n_skills = 0;
  for (i = 1; i <= MAX_MORT_LEVEL; i++) {
    sprintf(str + strlen(str), "%2d ", i);
    num = 0;
    for (spellnum = 1; spellnum < TOP_SPELLS; spellnum++) {
      if (SINFO.min_level[chclass] == i) {
        if (num >= 3) strcat(str, "\r\n ");
        if (spellnum >= 1 && spellnum <= MAX_SPELLS) {
          strcpy(buf1, "");      /* color code removed */
          n_spells++;
        } else if (spellnum > MAX_SPELLS && spellnum < START_NON_PLAYER_SPELLS) {
          strcpy(buf1, "");      /* color code removed */
          n_skills++;
        } else
          strcpy(buf1, "");
        sprintf(str + strlen(str), "%s%-22s", buf1, spells[spellnum]);
        num++;
      }
    }
    strcat(str, "\r\n");
  }
  strcat(str, "\r\n");
  sprintf(str + strlen(str), "Spells: %d, Skills: %d, Total:%d\r\n",
          n_spells, n_skills, n_spells + n_skills);
  return;
}
----------------snip---------------------------------------
I removed the color codes in the strcpy(buf1, ""); things, because I didn't
know what else to do with them. I mean, I don't want color in it, I just
want it to print out a simple list of skills and spells, that's all...
Maybe this should be done a different way, but it doesn't matter for the
buffer overflow at least, I went and checked that already...
Please help me out here... I am trying my best to try to grasp the string
handling here, but I am a novice, so it is harder for me to point at the
error and say "There it is!" ...
Kind Regards,
Torgny Bjers
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
+------------------------------------------------------------+
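A bounded version of the same list-building loop, added here as an example and not code from the thread or from CircleMUD/VisionMUD: every `sprintf(str + strlen(str), ...)` and `strcat` is replaced by a helper that tells `vsnprintf` how much room is left, so a caller that passes a too-small buffer gets a truncated but still NUL-terminated list plus a count of what did not fit, instead of a write past the end of the buffer. The `spells[]` table, the `min_level` array and the class numbering are constructed stand-ins, not the real game data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for the MUD's spell tables (not CircleMUD's real data):
 * spells[] holds the names, min_level[spell][class] the level each class gets it. */
#define TOP_SPELLS 6
#define MAX_MORT_LEVEL 3
static const char *spells[TOP_SPELLS] = {"!RESERVED!", "armor", "bless", "cure light", "kick", "bash"};
static const int min_level[TOP_SPELLS][2] = {{0, 0}, {1, 2}, {1, 3}, {2, 2}, {3, 1}, {3, 1}};
static char out_big[512], out_small[40];  /* a roomy buffer and a deliberately tiny one */

/* Append to str without writing past cap bytes (NUL included).  Unlike
 * sprintf(str + strlen(str), ...), vsnprintf is told how much room is left and
 * returns the length it wanted, so an overflow is counted instead of written. */
static size_t append(char *str, size_t cap, const char *fmt, ...)
{
    size_t used = strlen(str), room = used < cap ? cap - used : 0;
    va_list ap;
    int n;
    if (room == 0) return 1;
    va_start(ap, fmt);
    n = vsnprintf(str + used, room, fmt, ap);
    va_end(ap);
    return n < 0 ? 1 : ((size_t)n >= room ? (size_t)n - (room - 1) : 0);
}

/* Same shape as the list builder in the post, but every write is bounded.
 * Returns how many characters did not fit; 0 means the whole list was kept. */
size_t class_spells_index_bounded(int chclass, char *str, size_t cap)
{
    size_t dropped = 0;
    int i, spellnum, num, n_spells = 0;
    str[0] = '\0';
    dropped += append(str, cap, "Spells and Skills available for class %d.\r\n", chclass);
    dropped += append(str, cap, "Level Spell/Skill Name\r\n");
    for (i = 1; i <= MAX_MORT_LEVEL; i++) {
        dropped += append(str, cap, "%2d ", i);
        for (spellnum = 1, num = 0; spellnum < TOP_SPELLS; spellnum++) {
            if (min_level[spellnum][chclass] != i) continue;
            if (num > 0 && num % 3 == 0)  /* wrap after every third entry */
                dropped += append(str, cap, "\r\n   ");
            dropped += append(str, cap, "%-22s", spells[spellnum]);
            num++; n_spells++;
        }
        dropped += append(str, cap, "\r\n");
    }
    dropped += append(str, cap, "Spells: %d\r\n", n_spells);
    return dropped;
}
```

With `out_big` the function returns 0 and the full list; with `out_small` (40 bytes) it returns a positive count and leaves exactly 39 characters plus the terminator, which is the behaviour the unbounded original cannot give you.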
This archive was generated by hypermail 2b30 : 04/11/01 PDT