Fixed buffer over run of not enough array allocation for object flags by static number

diff --git a/src/artifact.c b/src/artifact.c
index 5fe1017..2e6d5ac 100644 (file)
--- a/src/artifact.c
+++ b/src/artifact.c
@@ -2058,7 +2058,7 @@ const activation_type* find_activation_info(object_type *o_ptr)
 /* Dragon breath activation */
 static bool activate_dragon_breath(object_type *o_ptr)
 {
-       u32b flgs[4]; /* for resistance flags */
+       u32b flgs[TR_FLAG_SIZE]; /* for resistance flags */
        int type[20];
        cptr name[20];
        int i, dir, t, n = 0;

diff --git a/src/dungeon.c b/src/dungeon.c
index d02e03d..9cd94fe 100644 (file)
--- a/src/dungeon.c
+++ b/src/dungeon.c
@@ -1535,7 +1535,7 @@ static object_type *choose_cursed_obj_name(u32b flag)
                                        (flag == TRC_SLOW_REGEN) )
                {
                        u32b cf;
-                       u32b flgs[4];
+                       u32b flgs[TR_FLAG_SIZE];
                        object_flags(o_ptr, flgs);
                        switch (flag)
                        {

diff --git a/src/object1.c b/src/object1.c
index 469aa10..2bfaa0f 100644 (file)
--- a/src/object1.c
+++ b/src/object1.c
@@ -333,7 +333,7 @@ void object_flags_known(object_type *o_ptr, u32b flgs[TR_FLAG_SIZE])
 static cptr item_activation_dragon_breath(object_type *o_ptr)
 {
        static char desc[256];
-       u32b flgs[4]; /* for resistance flags */
+       u32b flgs[TR_FLAG_SIZE]; /* for resistance flags */
        int i, n = 0;
 
        object_flags(o_ptr, flgs);