From: "Mark Garringer" <zizazat@HOTMAIL.COM>
> >as IS_NPC(ch) would've caused the crash otherwise. Since 'ch' is never
> >directly modified after this point, this implies a buffer overflow,
> >possibly within garble_text().
>
> void garble_text(char *string, int percent, int lang)
> {
> char letters[12] = "";
> /* Always up letters[12] to the largest size for letters you wish to
> * use below. */
<snip>
> strcpy (letters, "aehiopstuwxyz");
> s = 12;
> break;
> }
sizeof("aehiopstuwxyz") == 14 > sizeof(letters) == 12
The bug is in the strcpy() above. letters should be at least
sizeof() the longest string in the switch, and you wouldn't
really be wasting a lot of space if you made it a bit larger:
char letters[50];
Welcor
--
+---------------------------------------------------------------+
| FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
| Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
| Newbie List: http://groups.yahoo.com/group/circle-newbies/ |
+---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 06/26/03 PDT
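Added example (not code from the list post or from CircleMUD itself) showing why the quoted strcpy() into char letters[12] overflows, and a bounded copy that refuses instead of writing past the array. The letter sets, bytes_needed(), copy_letters() and LETTERS_BUF are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table standing in for the cases of the switch in the quoted
 * garble_text(); only the first string is the one from the post. */
static const char *const letter_sets[] = {
    "aehiopstuwxyz",   /* 13 letters + NUL = 14 bytes: overflows char[12] */
    "bcdfgklmnr",
    "aeiou",
};
#define NUM_SETS (sizeof letter_sets / sizeof letter_sets[0])

/* Size the destination from the longest literal, and check it at compile
 * time so adding a longer set later fails the build instead of the stack. */
#define LETTERS_BUF 32
_Static_assert(sizeof "aehiopstuwxyz" <= LETTERS_BUF, "letters too small");

/* Bytes strcpy() would write for set 'lang' (length plus NUL), or 0 if
 * 'lang' is not a valid index. */
size_t bytes_needed(int lang) {
    if (lang < 0 || (size_t)lang >= NUM_SETS) return 0;
    return strlen(letter_sets[lang]) + 1;
}

/* Bounded replacement for the strcpy(): copies only when the set fits in
 * 'bufsize', always leaves dest NUL-terminated, returns 1 on success and
 * 0 (with dest empty) when the copy would have overflowed. */
int copy_letters(char *dest, size_t bufsize, int lang) {
    if (bufsize == 0) return 0;
    dest[0] = '\0';
    size_t need = bytes_needed(lang);
    if (need == 0 || need > bufsize) return 0;   /* refuse, don't overflow */
    memcpy(dest, letter_sets[lang], need);
    return 1;
}

int main(void) {
    char small[12];          /* the size used in the quoted garble_text() */
    char big[LETTERS_BUF];
    printf("set 0 needs %zu bytes; fits in %zu? %s\n", bytes_needed(0),
           sizeof small, copy_letters(small, sizeof small, 0) ? "yes" : "no");
    printf("fits in %zu? %s -> \"%s\"\n", sizeof big,
           copy_letters(big, sizeof big, 0) ? "yes" : "no", big);
    return 0;
}
```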