Re: [CODE] VisionMUD class_spells_index buffer overflows

From: Torgny Bjers
Date: 08/08/00

-----Original Message-----
From: Peter Ajamian <>
Date: Tuesday, 8 August 2000 01:44
Subject: Re: [CIRCLE] [CODE] VisionMUD class_spells_index buffer overflows

>> it
>> overflows or something and doesn't print anything else into the string,
>> anyone help me out here?
>Well, I'll look through and tell you what I can see...
>> ---------------------------SNIP---------------------------------
>> void class_spells_index(int chclass, char *str)
>                                       ^^^^^^^^^
>You're using a passed buffer to hold the output of this function.  The
>problem could easily be outside of the function and have to do with the
>way the buffer is declared/allocated.

>Hrmmm, the use of buf1 in this function could (possibly) be the problem
>if buf1 is already in use by the calling function.  As a rule I only use
>the global buffers in ACMDs and a few other places where I'm sure I
>won't be stepping on another function's usage of them or vice-versa.  To
>find out if this is the problem and fix it in the same step simply
>declare buf1 as a local which will isolate it from other functions as
>char buf1[MAX_STRING_LENGTH];


I tried to declare buf1 as a local like you suggested (I had even tried that
yesterday I think but didn't think it was that), but it still overflows the
string somehow, when I debug it prints out the top rows (the header and
the ---- line) and starts on level 1, prints out about three items, and then
it goes down one line to print out the other spells/skills, and it truncates
it after like 3-10 chars and then it refuses to add anything further to the
string (built in security check I presume).

I have also tried to do the sprintf's like you described, sprintf(str +
strlen(str), "", bla); which I also felt was a better way to do it since I
had some first hand experience with the other way when I meddled with the
do_score some months ago, but I am glad you pointed out that it was the
correct way!

So, in the code, it is obviously somewhere around the for loop... I would
without any programming knowledge guess that it is sprintf(str +
strlen(str), "%s%-22s", buf1, spells[spellnum]); that does it, when it adds
buf1 to str it messes up somehow...

Here is the code again, with modifications:

void class_spells_index(int chclass, char *str)
{
  char buf1[MAX_STRING_LENGTH];   /* local now, no longer the global buf1 */
  int i, spellnum, num;
  int n_spells, n_skills;

  *str = '\0';
  sprinttype(chclass, pc_class_types, buf1);
  sprintf(str, "Spells and Skills available for %s.\r\n", buf1);
  strcat(str, "Level          Spell/Skill   Name\r\n");

  n_spells = 0;
  n_skills = 0;
  for (i = 1; i <= MAX_MORT_LEVEL; i++) {
    sprintf(str + strlen(str), "%2d   ", i);
    num = 0;
    for (spellnum = 1; spellnum < TOP_SPELLS; spellnum++) {
      if (SINFO.min_level[chclass] == i) {
        /* after three entries on a level, continue on a fresh line */
        if (num >= 3) strcat(str, "\r\n     ");
        if (spellnum >= 1 && spellnum <= MAX_SPELLS) {
          strcpy(buf1, "");          /* color code removed */
          n_spells++;                /* counters were never bumped in the posted snippet */
        } else if (spellnum > MAX_SPELLS) {   /* the posted upper-bound term is cut off */
          strcpy(buf1, "");          /* color code removed */
          n_skills++;
        } else
          strcpy(buf1, "");          /* color code removed */
        sprintf(str + strlen(str), "%s%-22s", buf1, spells[spellnum]);
        num++;
      }
    }
    strcat(str, "\r\n");
  }
  sprintf(str + strlen(str), "Spells: %d, Skills: %d, Total:%d\r\n",
    n_spells, n_skills, n_spells+n_skills);
}

I removed the color codes in the strcpy(buf1, ""); things, because I didn't
know what else to do with them, I mean, I don't want color in it, I just
want it to print out a simple list of skills and spells, that's all...
Maybe this should be done a different way, but it doesn't matter for the
buffer overflow at least, I've gone and checked that already...

Please help me out here...  I am trying my best to try to grasp the string
handling here, but I am a novice, so it is harder for me to point at the
error and say "There it is!" ...

Kind Regards,
Torgny Bjers
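Added example, not code from the thread or from VisionMUD: the index routine above rebuilt on a bounded appender, so that every write is limited to the caller's buffer size and a too-small buffer shows up as a truncation return value instead of a write past the end (the thread's unbounded sprintf/strcat into a caller-supplied str is exactly what makes the symptom hard to pin down). The spell table, the append helper and the class/level layout are constructed stand-ins, not CircleMUD's data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define MAX_MORT_LEVEL 3
/* Constructed stand-in for the MUD's spell table (not CircleMUD's real
 * data): a name plus the level at which class 0 / class 1 gets it (0 = never). */
static const struct { const char *name; int min_level[2]; } spells[] = {
  {"!RESERVED!", {0, 0}}, {"armor", {1, 0}}, {"bless", {1, 0}},
  {"magic missile", {1, 0}}, {"cure light", {1, 2}}, {"kick", {0, 1}},
  {"bash", {0, 2}}, {"detect magic", {2, 0}}, {"strength", {3, 0}},
};
#define TOP_SPELLS ((int)(sizeof(spells) / sizeof(spells[0])))

/* Append printf-style text at offset *len without ever writing past cap
 * bytes. Returns 0 (and leaves str NUL-terminated) if the text did not fit. */
static int append(char *str, size_t cap, size_t *len, const char *fmt, ...)
{
  va_list ap; int n;
  va_start(ap, fmt);
  n = vsnprintf(str + *len, cap - *len, fmt, ap);
  va_end(ap);
  if (n < 0 || (size_t)n >= cap - *len) { *len = cap - 1; return 0; }
  *len += (size_t)n;
  return 1;
}

/* Bounded rewrite of the thread's routine: cap is the caller's buffer size.
 * Returns 1 on success, 0 if the list was truncated; str is always valid. */
int class_spells_index(int chclass, char *str, size_t cap)
{
  size_t len = 0;
  int i, spellnum, num, total = 0, ok = 1;
  if (cap == 0 || chclass < 0 || chclass > 1) return 0;
  str[0] = '\0';
  ok &= append(str, cap, &len, "Spells available for class %d.\r\n", chclass);
  ok &= append(str, cap, &len, "Level   Name\r\n");
  for (i = 1; i <= MAX_MORT_LEVEL; i++) {
    ok &= append(str, cap, &len, "%2d   ", i);
    for (num = 0, spellnum = 1; spellnum < TOP_SPELLS; spellnum++) {
      if (spells[spellnum].min_level[chclass] != i) continue;
      if (num && num % 3 == 0) ok &= append(str, cap, &len, "\r\n     ");  /* wrap every 3 */
      ok &= append(str, cap, &len, "%-22s", spells[spellnum].name);
      num++; total++;
    }
    ok &= append(str, cap, &len, "\r\n");
  }
  ok &= append(str, cap, &len, "Total: %d\r\n", total);
  return ok;
}
```

A caller that gets 0 back knows its buffer was too small and can page or enlarge it, rather than reading a silently corrupted string.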

