[Newbie] - Buf overflow problems

From: Tom Dailey (tomd@waymark.net)
Date: 02/12/99


Hello,

We're implementing some new code and are getting this error from
gdb:

#0  do_throw (wch=0xfbe578, argument=0x64 "./bin/zombie 2150", cmd=398,
subcmd=0) at act.misc1.c:413
413                                     sprintf(buf, "You throw %s and it
shatters on %s!\r\n",
(gdb) wher
#0  do_throw (ch=0xfbe578, argument=0x64 "./bin/zombie 2150", cmd=398,
subcmd=0) at act.misc1.c:413
#1  0x9aec0 in command_interpreter (ch=0xfbe578, argument=0xeffff638 "throw
potion") at interpreter.c:817
#2  0x6acb8 in game_loop (mother_desc=4) at comm.c:639
#3  0x6a328 in init_game () at comm.c:239
#4  0x6a2ac in main (argc=0, argv=0xeffffcc4) at comm.c:207

The following is the code from within the function: Any help is
appreciated...we're stuck on this buf var because
it seems to be overflowing.

ACMD(do_throw)
{
        int dam, spell, level;
        struct char_data *vict;
        struct obj_data *obj;

        two_arguments(argument, buf, arg);

        if(!*buf && !*arg) {
                send_to_char("Usage: Throw <item> [target]\r\n", ch);
                return;
        }

        if(!has_skill(ch, SKILL_THROW)) {
                send_to_char("You do not know how to throw things with any
accuracy.\r\n", ch);
                return;
        }

        generic_find(buf, FIND_OBJ_INV, ch, &vict, &obj);

        if(vict) {
                send_to_char("Throw what at them?\r\n", ch);
                return;
        }
        if(!obj) {

       send_to_char("You do not appear to have that.\r\n", ch);
                return;
        }
        if(*arg) {
                if(!(vict = get_char_room_vis(ch, arg))) {
                        send_to_char("They dont seem to be here.\r\n", ch);
                        return;
                }
        }

        if(GET_OBJ_TYPE(obj) != ITEM_POTION && GET_OBJ_TYPE(obj) !=
ITEM_THROWN) {
                send_to_char("You can't throw that.\r\n", ch);
                return;
        }

        switch(GET_OBJ_TYPE(obj)) {
        case ITEM_THROWN:
                if(!vict) {
                        send_to_char("Throw it at who?\r\n", ch);
                        return;
                }
                if(skill_check(ch, SKILL_THROW, 0, FALSE)) {
                        dam = dice(GET_OBJ_VAL(obj, 1), GET_OBJ_VAL(obj,
2));
                        sprintf(buf, "Damage: %d\r\n", dam);
                        send_to_char(buf, ch);
                                damage(ch, vict, dam, TYPE_HIT);
                } else {
                        sprintf(buf, "You throw %s at %s but miss.\r\n",
obj->short_description,
                                GET_NAME(vict));
                        send_to_char(buf, ch);
                        sprintf(buf, "%s throws %s at %s but misses.\r\n",
                                GET_NAME(ch), obj->short_description,
GET_NAME(vict));
                        act(buf, FALSE, ch, 0, 0, TO_ROOM);
                }
                WAIT_STATE(ch, PULSE_VIOLENCE*2);

                if(GET_OBJ_VAL(obj, 0) <= 1) {
                        extract_obj(obj);
                } else {
                        GET_OBJ_VAL(obj, 0) -= 1;
                }
                break;

 case ITEM_POTION:
                spell = GET_OBJ_VAL(obj, 1);
                level = GET_OBJ_VAL(obj, 0);

                if(spell == PRAYER_EARTHQUAKE || spell == SPELL_BLACK_RAIN)
{
                        if(!(skill_check(ch, SKILL_THROW, 5, 0))) {
ERROR ->>            sprintf(buf, "You throw %s and it shatters with just a
puff of smoke.\r\n",
                                        obj->short_description);
                                send_to_char(buf, ch);
                        } else {
                                sprintf(buf, "You throw %s and it shatters
on the ground!\r\n",
                                        obj->short_description);
                                send_to_char(buf, ch);
                                sprintf(buf, "%s throws %s and it shatters
on the ground!\r\n",
                                        GET_NAME(ch),
obj->short_description);
                                act(buf, FALSE, ch, 0, 0, TO_ROOM);
                                mag_areas(level, ch, spell, SAVING_SPELL);
                        }
                } else {
                        if(!vict) {
                                if(GET_POS(ch) == POS_FIGHTING) { vict =
FIGHTING(ch); }
                                else {
                                        for (vict =
world[ch->in_room].people; vict; vict = vict->next_in_room) {
                                                if (FIGHTING(vict) == ch &&
!number(0, 3)) { break; }
                                        }
                                }
                        }
                        if(!(skill_check(ch, SKILL_THROW, 0, 0))) {
                                sprintf(buf, "You fumble %s while trying to
throw it!\r\n", obj->short_description);
                                send_to_char(buf, ch);
                        } else {
                                sprintf(buf, "You throw %s and it shatters
on %s!\r\n",
                                        obj->short_description,
GET_NAME(vict));
                                send_to_char(buf, ch);
                                sprintf(buf, "%s throws %s and it shatters
on %s!\r\n",
                                        GET_NAME(ch),
obj->short_description, GET_NAME(vict));
                                act(buf, FALSE, ch, 0, 0, TO_ROOM);
                                mag_damage(level, ch, vict, spell,
SAVING_SPELL);
                        }
                }
                extract_obj(obj);
                WAIT_STATE(ch, PULSE_VIOLENCE*2);
                break;
        }
}


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/15/00 PST