[crossfire] Suspicious code
Nicolas Weeger
nicolas.weeger at laposte.net
Fri Aug 12 07:04:48 CDT 2005
Hello.
I'm doing massive char* => const char* substitution in server code, and
I found two weird things:
* in common/readable.c, line 1647:
    op_name = strtok (formula->arch_name, ",");
Trouble: arch_name is set through add_string, and strtok *changes* the
string.
Given the context it's used only when the 'arch' field of the recipe
contains , (recipe given multiple items randomly, I guess?). But this
could lead to formulae corruption.
* in server/spell_util.c, line 968:
    int cast_spell(object *op, object *caster,int dir,object *spell_ob,
    char *stringarg) {
The last argument is a non-NULL value only in server/c_range.c:174 (and
plugin code), stringarg being set to point somewhere in the params field
given to the command handler.
But cast_spell has those lines (1401-1404):
    if(settings.casting_time == TRUE && stringarg) {
        free(stringarg);
        stringarg=NULL;
    }
This imo can lead to very nice crashes when casting has time.
Nicolas
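
Added example, not part of the original message and not Crossfire code: it shows how strtok truncates a string that other code still holds a pointer to, next to a read-only way of pulling out one comma-separated field. The names shared_arch_name, field_copy and strtok_damage are hypothetical, and the sample string is constructed; add_string itself is not reproduced.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a shared recipe string. In the server the
 * string comes from add_string; that is not reproduced here. */
static char shared_arch_name[] = "sword,dagger,axe";

/* Hypothetical helper: copy the idx-th comma-separated field of src into
 * out without writing to src. Returns 0 on success, -1 if there is no
 * such field or it does not fit in out. */
int field_copy(const char *src, size_t idx, char *out, size_t outlen)
{
    for (;;) {
        size_t len = strcspn(src, ",");   /* length up to ',' or end */
        if (idx == 0) {
            if (len >= outlen)
                return -1;                /* would not fit with the NUL */
            memcpy(out, src, len);
            out[len] = '\0';
            return 0;
        }
        if (src[len] == '\0')
            return -1;                    /* ran out of fields */
        src += len + 1;                   /* step past the comma */
        idx--;
    }
}

/* The problem case: strtok overwrites the first delimiter with a NUL, so
 * every holder of the pointer now sees a shorter string. Returns the
 * length the shared string appears to have afterwards. */
size_t strtok_damage(char *shared)
{
    (void)strtok(shared, ",");
    return strlen(shared);
}

int main(void)
{
    char name[32];
    if (field_copy(shared_arch_name, 1, name, sizeof name) == 0)
        printf("field 1 = %s, source intact: %s\n", name, shared_arch_name);
    printf("after strtok the source reads as %zu bytes\n",
           strtok_damage(shared_arch_name));
    return 0;
}
```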