A variant of NetHack that is designed to be a much more challenging experience than the original, drawing inspiration and content from various existing variants along with adding unique and never-before-seen custom content.
License: Other
This is a bug I've been running into a lot in HackEM - which I thought was due to adding grass and updating some mechanics related to hiding monsters. However, I decided to start fuzzing Evilhack to see if the problem was there too and it has popped up a couple of times.
The related hackem issue is here: elunna/hackem#106.
The problem seems to originate in the gnomish mines (dnum 2). When I check the square the eel is on, it is a STAIRS(26) tile. So this might be a stair placement issue after the level had run makerivers()
This could also be related to running the fuzzer with wizmakemap bound.
Suddenly, the dungeon collapses.
eel hiding out of water (fmon)
Generating more information you may report:
[0] /home/lunatunez/games/evilhackdir/evilhack(+0x135e38) [0x555555689e38]
[1] /home/lunatunez/games/evilhackdir/evilhack(+0x135dd2) [0x555555689dd2]
[2] /home/lunatunez/games/evilhackdir/evilhack(panic+0x27d) [0x55555568c149]
[3] /home/lunatunez/games/evilhackdir/evilhack(impossible+0x126) [0x5555558400fd]
[4] /home/lunatunez/games/evilhackdir/evilhack(+0x235774) [0x555555789774]
[5] /home/lunatunez/games/evilhackdir/evilhack(mon_sanity_check+0x37) [0x5555557898c1]
[6] /home/lunatunez/games/evilhackdir/evilhack(sanity_check+0x17) [0x5555555f9087]
[7] /home/lunatunez/games/evilhackdir/evilhack(moveloop+0x1ea3) [0x5555555a4b64]
[8] /home/lunatunez/games/evilhackdir/evilhack(main+0x599) [0x55555597e442]
[9] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7ffff7d96083]
[10] /home/lunatunez/games/evilhackdir/evilhack(_start+0x2e) [0x5555555a256e]
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7d94859 in __GI_abort () at abort.c:79
#2 0x0000555555689df3 in NH_abort () at end.c:236
#3 0x000055555568c149 in panic (str=0x5555559dc348 "%s") at end.c:783
#4 0x00005555558400fd in impossible (s=0x5555559cdb36 "eel hiding out of water (%s)")
at pline.c:518
#5 0x0000555555789774 in sanity_check_single_mon (mtmp=0x555555bd9ef0, chk_geno=1 '\001',
msg=0x5555559cdbb7 "fmon") at mon.c:122
#6 0x00005555557898c1 in mon_sanity_check () at mon.c:146
#7 0x00005555555f9087 in sanity_check () at cmd.c:4860
#8 0x00005555555a4b64 in moveloop (resuming=0 '\000') at allmain.c:740
#9 0x000055555597e442 in main (argc=4, argv=0x7fffffffe628) at ../sys/unix/unixmain.c:353
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Full backtrace:
Program received signal SIGINT, Interrupt.
0x00007ffff744efd2 in __GI___libc_read (fd=0, buf=0x619000000a80, nbytes=1024)
at ../sysdeps/unix/sysv/linux/read.c:26
26 ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
$1 = {dnum = 2 '\002', dlevel = 1 '\001'}
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
set = {__val = {0, 0, 0, 0, 0, 93824992231424, 93824993500108, 335544320,
140737351733392, 1073741824, 140737488349266, 93824992231424, 93824992365080,
14458514477279307008, 140737488345824, 93824995294924}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007ffff7d94859 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x555555574a18,
sa_sigaction = 0x555555574a18}, sa_mask = {__val = {14458514477279307008,
140737488345824, 93824995294924, 93824992336672, 93824996851109, 206158430232,
140737488345840, 140737488345648, 14458514477279307008, 140737353865712, 10,
93824999099140, 335544320, 140737351733392, 14458514477279307008, 16}},
sa_flags = 1432919400, sa_restorer = 0x5555555a2540 <_start>}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x0000555555689df3 in NH_abort () at end.c:236
gdb_prio = 1
libc_prio = 2
aborting = 1 '\001'
#3 0x000055555568c149 in panic (str=0x5555559dc348 "%s") at end.c:783
the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffddf0,
reg_save_area = 0x7fffffffdd30}}
#4 0x00005555558400fd in impossible (s=0x5555559cdb36 "eel hiding out of water (%s)")
at pline.c:518
pbuf = "eel hiding out of water (fmon)", '\000' <repeats 850 times>...
the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffe3f0,
reg_save_area = 0x7fffffffe330}}
#5 0x0000555555789774 in sanity_check_single_mon (mtmp=0x555555bd9ef0, chk_geno=1 '\001',
msg=0x5555559cdbb7 "fmon") at mon.c:122
t = 0x15
mptr = 0x555555a3fb28 <mons+43784>
mx = 77
my = 11
#6 0x00005555557898c1 in mon_sanity_check () at mon.c:146
x = 78
y = 18
mtmp = 0x555555bd9ef0
m = 0x555555bd6930
#7 0x00005555555f9087 in sanity_check () at cmd.c:4860
No locals.
#8 0x00005555555a4b64 in moveloop (resuming=0 '\000') at allmain.c:740
moveamt = 10
wtcap = 0
change = 0
monscanmove = 0 '\000'
timeout_start = 30375
past_clock = 14551352
elf_regen = 1 '\001'
orc_regen = 1 '\001'
#9 0x000055555597e442 in main (argc=4, argv=0x7fffffffe628) at ../sys/unix/unixmain.c:353
fd = -1
dir = 0xffffffff <error: Cannot access memory at address 0xffffffff>
exact_username = 0 '\000'
resuming = 0 '\000'
plsel_once = 1 '\001'
It seems I've been hasty with c94a7be, as I just realized it probably should also check that the wielded item is a melee weapon. Currently, Moloch can also add the fire oprop to launchers (would that even work?) and missiles (not a big deal, but what're you gonna do with just one arrow of fire?) Also, the code immediately below blesses the wielded weapon; Moloch should probably curse it instead.
blindingflash is not being called because there is some wand of light logic preventing it.
Here:
Line 2827 in 6579d04
My name is literally "Connie the Crook", and I abuse my alignment when I phase into a shop (that wouldn't let me in, to boot) and leave without paying. Character's chaotic, too.
You get permanent invisibility from a magic trap, but you cannot zap yourself with a cursed wand of make invisible to become visible again ("You fade from view for a brief moment.").
This check excludes intrinsic invisiblity, so only temporary invisibility will be reverted.
if (!EInvis && (HInvis & TIMEOUT) && obj->cursed) {
While I think it's awesome that you're adding SpliceHack's monster knockback mechanic, you will definitely want to take a look at NullCGT/SpliceHack#15. The way monster clobbering is implemented in EvilHack right now, your're going to have a lot of players angry about getting stun-locked against walls. You will also want to make sure that monsters with additional attacks after a clobber do not crash the game by attempting an attack after the target has been knocked away. I'm not sure whether that's an issue, but it's certainly worth checking.
Additionally, you should be aware of the following:
Basically, you took a feature that I already considered absurdly, cartoonishly evil and made it even nastier. I think that's the best endorsement I can give EvilHack :)
Testing convict drow - looks like an issue with droven arrows. I recorded with rr so more debugging is available if needed.
(rr) p toplines
$6 = "A cursed -1 dark elven arrow (in quiver) (1 aum) crumbles into fragments!", '\000' <repeats 226 times>
Suddenly, the dungeon collapses.
obfree: deleting worn obj (4: 512)
Generating more information you may report:
[0] ./evilhackdir/evilhack(+0x1403c1) [0x561fcdaac3c1]
[1] ./evilhackdir/evilhack(+0x140358) [0x561fcdaac358]
[2] ./evilhackdir/evilhack(panic+0x292) [0x561fcdaae85e]
[3] ./evilhackdir/evilhack(impossible+0x12f) [0x561fcdc82357]
[4] ./evilhackdir/evilhack(obfree+0x28a) [0x561fcdcd80a5]
[5] ./evilhackdir/evilhack(delobj_core+0x1fa) [0x561fcdae91f3]
[6] ./evilhackdir/evilhack(delobj+0x21) [0x561fcdae8ff6]
[7] ./evilhackdir/evilhack(breakobj+0x42d) [0x561fcda8f37f]
[8] ./evilhackdir/evilhack(hero_breaks+0x161) [0x561fcda8e011]
[9] ./evilhackdir/evilhack(+0x400138) [0x561fcdd6c138]
[10] ./evilhackdir/evilhack(hmon+0xde) [0x561fcdd618ef]
[11] ./evilhackdir/evilhack(thitmonst+0xba1) [0x561fcda8d0ad]
[12] ./evilhackdir/evilhack(throwit+0x196d) [0x561fcda8ac3f]
[13] ./evilhackdir/evilhack(+0x117810) [0x561fcda83810]
[14] ./evilhackdir/evilhack(dofire+0x2f2) [0x561fcda8439a]
[15] ./evilhackdir/evilhack(rhack+0x74b) [0x561fcda15a3b]
[16] ./evilhackdir/evilhack(moveloop+0x21ed) [0x561fcd9bdeae]
[17] ./evilhackdir/evilhack(main+0x5b4) [0x561fcddd4982]
[18] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f9dd8401d90]
[19] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f9dd8401e40]
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140315920508736) at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: No such file or directory.
(rr) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140315920508736)
at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140315920508736)
at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=140315920508736, signo=signo@entry=6)
at ./nptl/pthread_kill.c:89
#3 0x00007f9dd841a476 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/posix/raise.c:26
#4 0x00007f9dd84007f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x0000561fcdaac379 in NH_abort () at end.c:236
#6 0x0000561fcdaae85e in panic (str=0x561fcde32ca8 "%s") at end.c:783
#7 0x0000561fcdc82357 in impossible (
s=0x561fcde3e050 "obfree: deleting worn obj (%d: %ld)") at pline.c:518
#8 0x0000561fcdcd80a5 in obfree (obj=0x561fceeab410, merge=0x0) at shk.c:1016
#9 0x0000561fcdae91f3 in delobj_core (obj=0x561fceeab410, force=0 '\000')
at invent.c:1259
#10 0x0000561fcdae8ff6 in delobj (obj=0x561fceeab410) at invent.c:1223
#11 0x0000561fcda8f37f in breakobj (obj=0x561fceeab410, x=18 '\022',
y=16 '\020', hero_caused=1 '\001', from_invent=0 '\000') at dothrow.c:2444
#12 0x0000561fcda8e011 in hero_breaks (obj=0x561fceeab410, x=18 '\022',
y=16 '\020', breakflags=0) at dothrow.c:2317
#13 0x0000561fcdd6c138 in hmon_hitmon (mon=0x561fceea7760, obj=0x561fceeab410,
thrown=1, dieroll=2) at uhitm.c:2043
#14 0x0000561fcdd618ef in hmon (mon=0x561fceea7760, obj=0x561fceeab410, thrown=1, dieroll=2) at uhitm.c:968
#15 0x0000561fcda8d0ad in thitmonst (mon=0x561fceea7760, obj=0x561fceeab410) at dothrow.c:2055
#16 0x0000561fcda8ac3f in throwit (obj=0x561fceeab410, wep_mask=512, twoweap=0 '\000') at dothrow.c:1592
#17 0x0000561fcda83810 in throw_obj (obj=0x561fceeab410, shotlimit=0) at dothrow.c:289
#18 0x0000561fcda8439a in dofire () at dothrow.c:477
#19 0x0000561fcda15a3b in rhack (cmd=0x561fcdeb5340 <in_line> "f") at cmd.c:5544
#20 0x0000561fcd9bdeae in moveloop (resuming=0 '\000') at allmain.c:804
#21 0x0000561fcddd4982 in main (argc=2, argv=0x7ffdc8b93638) at ../sys/unix/unixmain.c:353
mobileuser noticed this first in HackEM, but tested in EvilHack and found it as well.
Steps to reproduce:
Should see something like this:
The large kobold hurls a bubbly potion!
The phial crashes on the gnome's head and breaks into shards.
The bubbly potion evaporates.
The gnome turns into a giant spider!
You feel guilty.
Also results in "You have slightly abused your alignment."
Also tested with potions of acid and confusion, but this only occurred with polymorph.
If ever there were a role that shouldn't abuse their alignment by robbing a bank, it's the convict.
Built on Mar 26 fb5d1d1
Started happening after the partial resistance patch was applied. Player will still get resistance gaining messages even after that particular resistance is at 100%.
I was Infidel and I died. Then in the next run I've found my grave and the Amulet among other items. Once identified it is now cursed cheap plastic imitation but it was a real Amulet in previous life. Not sure if this is a real issue, but just not very logically consistent. How real Amulet becomes a cheap piece of plastic? Well evil magic maybe.
P.S. I admire you nethack fork. It's very cool and challenging.
It appears that you have to have the Fast intrinsic to become slowed from wands or spells of slow monster:
zap.c: 2760
case WAN_SLOW_MONSTER:
case SPE_SLOW_MONSTER:
if (HFast & (TIMEOUT | INTRINSIC)) {
learn_it = TRUE;
u_slow_down();
}
break;
Systems are Fedora 39 and 40. I captured 3 instances of the game freezing solid when I go down stairs.
(gdb)
Continuing.
Program received signal SIGINT, Interrupt.
0x000000000054e2d3 in lower_bits (x=175676520848501335) at isaac64.c:36
36 return (x & ((ISAAC64_SZ-1) << 3)) >>3;
(gdb) bt
#0 0x000000000054e2d3 in lower_bits (x=175676520848501335) at isaac64.c:36
#1 0x000000000054e584 in isaac64_update (_ctx=0x8f3d30 <rnglist+16>) at isaac64.c:68
#2 0x000000000054f18b in isaac64_next_uint64 (_ctx=0x8f3d30 <rnglist+16>) at isaac64.c:157
#3 0x0000000000718d5b in RND (x=12) at rnd.c:62
#4 0x0000000000718dc6 in rn2 (x=-1382963894) at rnd.c:109
#5 0x00000000004401cb in create_oprop (obj=0x4e041bad91a54a, allow_detrimental=0 '\000') at artifact.c:379
#6 0x00000000007391d9 in shkinit (shp=0x88e790 <shtypes+880>, sroom=0x9024b0 <rooms+9936>, shp_indx=11) at shknam.c:793
#7 0x00000000007395da in stock_room (shp_indx=11, sroom=0x9024b0 <rooms+9936>) at shknam.c:869
#8 0x0000000000749b60 in fill_room (croom=0x9024b0 <rooms+9936>, prefilled=0 '\000') at sp_lev.c:2555
#9 0x000000000074494e in fill_rooms () at sp_lev.c:819
#10 0x00000000007568b3 in sp_level_coder (lvl=0x186bca0) at sp_lev.c:6191
#11 0x0000000000756b6c in load_special (name=0x7ffc1db5afb0 "minetn-8.lev") at sp_lev.c:6289
#12 0x000000000060c6e6 in makemaz (s=0x16fffba "minetn") at mkmaze.c:1013
#13 0x0000000000603580 in makelevel () at mklev.c:815
#14 0x0000000000604aa8 in mklev () at mklev.c:1218
#15 0x00000000004ac9a4 in goto_level (newlevel=0x7ffc1db5b46e, at_stairs=1 '\001', falling=0 '\000', portal=0 '\000') at do.c:1747
#16 0x00000000004f4438 in next_level (at_stairs=1 '\001') at dungeon.c:1187
#17 0x00000000004ab80a in dodown () at do.c:1292
#18 0x0000000000479fb8 in rhack (cmd=0x8ff1e0 <in_line> ">") at cmd.c:5610
#19 0x0000000000428782 in moveloop (resuming=0 '\000') at allmain.c:882
#20 0x0000000000815d36 in main (argc=1, argv=0x7ffc1db5b798) at ../sys/unix/unixmain.c:353
===================================================================================
Starting program: /home/bouquet/games/evilhackdir/evilhack
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Suddenly, the dungeon collapses.
To report this error, Contact K2 or Tangles on Libera irc channel #hardfought
and it may be possible to rebuild.
Generating more information you may report:
[0] /home/bouquet/games/evilhackdir/evilhack() [0x50b7ed]
[1] /home/bouquet/games/evilhackdir/evilhack() [0x50b79c]
[2] /home/bouquet/games/evilhackdir/evilhack(panic+0x9e) [0x50d874]
[3] /home/bouquet/games/evilhackdir/evilhack(obj_is_local+0x69) [0x7746c3]
[4] /home/bouquet/games/evilhackdir/evilhack() [0x774786]
[5] /home/bouquet/games/evilhackdir/evilhack() [0x774811]
[6] /home/bouquet/games/evilhackdir/evilhack(save_timers+0x52) [0x774899]
[7] /home/bouquet/games/evilhackdir/evilhack(savelev+0x1eb) [0x71fdec]
[8] /home/bouquet/games/evilhackdir/evilhack(dosave0+0x31f) [0x71f42d]
[9] /home/bouquet/games/evilhackdir/evilhack(panic+0x1cd) [0x50d9a3]
[10] /home/bouquet/games/evilhackdir/evilhack(dealloc_obj+0x88) [0x61571d]
[11] /home/bouquet/games/evilhackdir/evilhack(obfree+0x287) [0x724d48]
[12] /home/bouquet/games/evilhackdir/evilhack(rot_organic+0x82) [0x497b97]
[13] /home/bouquet/games/evilhackdir/evilhack(rot_corpse+0x1b6) [0x497d50]
[14] /home/bouquet/games/evilhackdir/evilhack(run_timers+0x7d) [0x773b77]
[15] /home/bouquet/games/evilhackdir/evilhack(goto_level+0x13b4) [0x4ad429]
[16] /home/bouquet/games/evilhackdir/evilhack(next_level+0x89) [0x4f4438]
[17] /home/bouquet/games/evilhackdir/evilhack(dodown+0x1090) [0x4ab80a]
[18] /home/bouquet/games/evilhackdir/evilhack(rhack+0x6ef) [0x479fb8]
[19] /home/bouquet/games/evilhackdir/evilhack(moveloop+0x2563) [0x428782]
Program received signal SIGABRT, Aborted.
0x00007ffff7def834 in __pthread_kill_implementation () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libgcc-13.3.1-1.fc39.x86_64
===================================================================================
Starting program: /home/bouquet/games/evilhackdir/evilhack 714011
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
MAXPLAYERS are set in sysconf file.
Suddenly, the dungeon collapses.
To report this error, Contact K2 or Tangles on Libera irc channel #hardfought
and it may be possible to rebuild.
Generating more information you may report:
[0] /home/bouquet/games/evilhackdir/evilhack() [0x50b7ed]
[1] /home/bouquet/games/evilhackdir/evilhack() [0x50b79c]
[2] /home/bouquet/games/evilhackdir/evilhack(panic+0x9e) [0x50d874]
[3] /home/bouquet/games/evilhackdir/evilhack(obj_is_local+0x69) [0x7746c3]
[4] /home/bouquet/games/evilhackdir/evilhack() [0x774786]
[5] /home/bouquet/games/evilhackdir/evilhack() [0x774811]
[6] /home/bouquet/games/evilhackdir/evilhack(save_timers+0x52) [0x774899]
[7] /home/bouquet/games/evilhackdir/evilhack(savelev+0x1eb) [0x71fdec]
[8] /home/bouquet/games/evilhackdir/evilhack(dosave0+0x31f) [0x71f42d]
[9] /home/bouquet/games/evilhackdir/evilhack(panic+0x1cd) [0x50d9a3]
[10] /home/bouquet/games/evilhackdir/evilhack(dealloc_obj+0x88) [0x61571d]
[11] /home/bouquet/games/evilhackdir/evilhack(obfree+0x287) [0x724d48]
[12] /home/bouquet/games/evilhackdir/evilhack(rot_organic+0x82) [0x497b97]
[13] /home/bouquet/games/evilhackdir/evilhack(rot_corpse+0x1b6) [0x497d50]
[14] /home/bouquet/games/evilhackdir/evilhack(run_timers+0x7d) [0x773b77]
[15] /home/bouquet/games/evilhackdir/evilhack(goto_level+0x13b4) [0x4ad429]
[16] /home/bouquet/games/evilhackdir/evilhack(next_level+0x89) [0x4f4438]
[17] /home/bouquet/games/evilhackdir/evilhack(dodown+0x1090) [0x4ab80a]
[18] /home/bouquet/games/evilhackdir/evilhack(rhack+0x6ef) [0x479fb8]
[19] /home/bouquet/games/evilhackdir/evilhack(moveloop+0x2563) [0x428782]
Program received signal SIGABRT, Aborted.
0x00007ffff7def834 in __pthread_kill_implementation () from /lib64/libc.so.6
The implementation of races allows for a player's polyform to inherit all of the intrinsics that the player has built up to that point from it's racial side.
As an example, an illithid priest (above level 12 so it has flying) can polymorph into a minotaur that has flying. It will also have telepathy and psychic resistance from ill_abil.
For giants, this means no matter what they poly into they aggravate monsters.
For centaurs above level 5, they might poly into something that shouldn't have jumping innately. Etc, etc.
When Grimtooth procs the disease attack, it always returns out of artifact_hit() function, so it bypasses the instakill section.
The game chooses "gnolls witherling" as the plural for it, yet there are "gnoll clerics", "gnoll hunters" and more.
This can also be observed in dumplogs of a finished game: https://eu.hardfought.org/userdata/N/NetSysFire/evilhack/dumplog/1648388986.evil.html
Reproduced by wishing up a drow and an ettin zombie. Put on a ring of conflict in a lit room and let them fight until the drow's weapon breaks.
ASAN:
=================================================================
==460752==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c00000830a at pc 0x555555b72564 bp 0x7fffffffdbf0 sp 0x7fffffffdbe0
WRITE of size 5 at 0x60c00000830a thread T0
#0 0x555555b72563 in hitmm /home/erik/Documents/EvilHack/src/mhitm.c:836
#1 0x555555b6a668 in mattackm /home/erik/Documents/EvilHack/src/mhitm.c:629
#2 0x555555b5166f in fightm /home/erik/Documents/EvilHack/src/mhitm.c:293
#3 0x555555d02f6b in movemon /home/erik/Documents/EvilHack/src/mon.c:1423
#4 0x55555573c86e in moveloop /home/erik/Documents/EvilHack/src/allmain.c:216
#5 0x5555562c4289 in main ../sys/unix/unixmain.c:353
#6 0x7ffff7365d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7ffff7365e3f in __libc_start_main_impl ../csu/libc-start.c:392
#8 0x55555573aac4 in _start (/home/erik/games/evilhackdir/evilhack+0x1e6ac4)
0x60c00000830a is located 74 bytes inside of 128-byte region [0x60c0000082c0,0x60c000008340)
freed by thread T0 here:
#0 0x7ffff7672517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x555555cc53cc in dealloc_obj /home/erik/Documents/EvilHack/src/mkobj.c:2507
#2 0x555555fe101e in obfree /home/erik/Documents/EvilHack/src/shk.c:1023
#3 0x555555a8a1f8 in delobj_core /home/erik/Documents/EvilHack/src/invent.c:1259
#4 0x555555a89e6c in delobj /home/erik/Documents/EvilHack/src/invent.c:1223
#5 0x555555997671 in breakobj /home/erik/Documents/EvilHack/src/dothrow.c:2444
#6 0x555555998e40 in break_glass_obj /home/erik/Documents/EvilHack/src/dothrow.c:2636
#7 0x555555b724e9 in hitmm /home/erik/Documents/EvilHack/src/mhitm.c:835
#8 0x555555b6a668 in mattackm /home/erik/Documents/EvilHack/src/mhitm.c:629
#9 0x555555b5166f in fightm /home/erik/Documents/EvilHack/src/mhitm.c:293
#10 0x555555d02f6b in movemon /home/erik/Documents/EvilHack/src/mon.c:1423
#11 0x55555573c86e in moveloop /home/erik/Documents/EvilHack/src/allmain.c:216
#12 0x5555562c4289 in main ../sys/unix/unixmain.c:353
#13 0x7ffff7365d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
previously allocated by thread T0 here:
#0 0x7ffff7672867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x555555746457 in alloc /home/erik/Documents/EvilHack/src/alloc.c:46
#2 0x555555cb8cd3 in mksobj /home/erik/Documents/EvilHack/src/mkobj.c:866
#3 0x555555af2c26 in mongets /home/erik/Documents/EvilHack/src/makemon.c:3790
#4 0x555555ad2848 in m_initweap /home/erik/Documents/EvilHack/src/makemon.c:1257
#5 0x555555ad6677 in setup_mon_inventory /home/erik/Documents/EvilHack/src/makemon.c:1990
#6 0x555555ae631c in makemon /home/erik/Documents/EvilHack/src/makemon.c:3202
#7 0x555555fa898d in create_particular_creation /home/erik/Documents/EvilHack/src/read.c:3060
#8 0x555555fadab0 in create_particular /home/erik/Documents/EvilHack/src/read.c:3185
#9 0x5555557fa982 in wiz_genesis /home/erik/Documents/EvilHack/src/cmd.c:976
#10 0x55555582a3ae in rhack /home/erik/Documents/EvilHack/src/cmd.c:5544
#11 0x555555742aab in moveloop /home/erik/Documents/EvilHack/src/allmain.c:804
#12 0x5555562c4289 in main ../sys/unix/unixmain.c:353
#13 0x7ffff7365d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-use-after-free /home/erik/Documents/EvilHack/src/mhitm.c:836 in hitmm
Shadow bytes around the buggy address:
0x0c187fff9010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff9020: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c187fff9030: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c187fff9040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff9050: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c187fff9060: fd[fd]fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x0c187fff9070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff9080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c187fff9090: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c187fff90a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c187fff90b0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==460752==ABORTING
Hello- When building on Gentoo the following QA notice is caught.
../win/tty/wintty.c:2830:27: warning: implicit declaration of function ‘open’; did you mean ‘popen’? [-Wimplicit-function-declaration]
I was mistaken and closed pull 72, opening this issue to track the report.
Thank you!
Hey, while digging down as a centaur monk, i got a an 'Oops' and my game crashed and vanished from the server (hardfought.eu).
The ttyrec had this stacktrace:
Oops...
Hit space to continue: .è–\Ï��������[H�[2J�[H�[?1049l
.è–\����å���Suddenly, the dungeon collapses.
To report this error, Contact K2 on freenode irc channel #hardfought
and it may be possible to rebuild.
.è–\���C���
Signal received.
Generating more information you may report:
.è–\ñ���#���[0] /evilhack-0.3.1/evilhack() [0x4c1a45]
[1] /evilhack-0.3.1/evilhack() [0x4c19e5]
[2] /evilhack-0.3.1/evilhack() [0x4c1877]
[3] /lib/x86_64-linux-gnu/libc.so.6(+0x354b0) [0x7ff8226964b0]
[4] /evilhack-0.3.1/evilhack(obj_is_local+0x10) [0x637a30]
[5] /evilhack-0.3.1/evilhack() [0x637b49]
[6] /evilhack-0.3.1/evilhack() [0x637bd4]
[7] /evilhack-0.3.1/evilhack(save_timers+0x61) [0x637c6b]
[8] /evilhack-0.3.1/evilhack(savelev+0x1f1) [0x5f40cf]
[9] /evilhack-0.3.1/evilhack(dosave0+0x2ac) [0x5f36ad]
[10] /evilhack-0.3.1/evilhack(panic+0x1df) [0x4c2f53]
[11] /evilhack-0.3.1/evilhack() [0x5eb9cb]
[12] /evilhack-0.3.1/evilhack(getlev+0x392) [0x5ec381]
[13] /evilhack-0.3.1/evilhack(getbones+0x226) [0x44280b]
[14] /evilhack-0.3.1/evilhack(mklev+0x2b) [0x53e48e]
[15] /evilhack-0.3.1/evilhack(goto_level+0x717) [0x47f200]
[16] /evilhack-0.3.1/evilhack(digactualhole+0xf63) [0x46cf33]
[17] /evilhack-0.3.1/evilhack(dighole+0x58a) [0x46da1b]
[18] /evilhack-0.3.1/evilhack() [0x46b488]
[19] /evilhack-0.3.1/evilhack(moveloop+0xf3b) [0x4235ab]
Hi, was porting the object materials from this over to a variant I'm working on and spotted a minor bug:
o_material() in src/detect.c checks the material of variable obj in the loop; it should be checking otmp, which it's actually looping through. As-is, it will fail to spot any items of the desired material inside containers, unless those items happen to be containers themselves.
I don't think this is used for anything but gold detection in vanilla, but might be significant if there's something else calling it I'm not aware of.
Tested playing as a monk, reaching Grand Master in martial arts and enjoying the 3 (two hands and a kick) attacks a turn. I tried forcing the sentient arise as a vampire, but only get one regular claw attack and a bite. Obviously this is a major downgrade over Grand Master. I can see arguments either way: vampires are monsters and have a special monster attack (the level-draining bite). But they're also physiologically human to the point where they leave human corpses, and aren't lumbering zombies or mummies who would lack the agility to do a roundhouse kick. If anything vampires tend to be much more agile than non-undead humans in fiction.
Pretty self explanatory. When selected to teleport to the square you are already on using a scroll (and perhaps other means), the game still prints "you materialize in a different location!". Strangely, it also doesn't auto-ID the scroll. I'm not sure if this also applies to rings, wands, telecontrolled teleportitis, etc.
Hello- When building on Gentoo the following QA warning is caught.
dogmove.c: In function ‘droppables’: cc1: warning: function may return address of local variable [-Wreturn-local-addr] dogmove.c:266:28: note: declared here dogmove.c:266:28: note: declared here dogmove.c:266:28: note: declared here dogmove.c:266:28: note: declared here dogmove.c:266:28: note: declared here dogmove.c:266:28: note: declared here dogmove.c:266:28: note: declared here
Please advise what additional info is needed.
Thank you!
Control reaches end of non-void function on line 3319 of mhitu.c
Can't wait to try EvilHack!
shknam.c seems to have the code for this but after visiting minetown 3 times with 3 different monks, it always resulted in a standard deli.
shknam.c lines 501-505:
if (nlp == shkfoods && In_mines(&u.uz) && Role_if(PM_MONK)
&& (sptr = Is_special(&u.uz)) != 0 && sptr->flags.town) {
/* special-case override for minetown food store for monks */
nlp = shkhealthfoods;
}
Hi,
macOS 14.1
Xcode Version 15.0.1 (15A507), which I believe to be current.
building from gitlab head, commit
commit 2f7a48a86f094c560f15ad701b8ac22580652a25 (HEAD, origin/master, origin/HEAD)
Merge: e43778f1b 10b976c80
Author: Keith Simpson <[email protected]>
Date: Wed Nov 8 13:25:07 2023 -0500
Merge pull request #160 from saltwaterterrapin/master
When linking, I get the error
ld: Undefined symbols:
_restore_savefile, referenced from:
_getlock in unixunix.o
clang: error: linker command failed with exit code 1 (use -v to see invocation)
I followed the instructions in sys/unix/README.xcode and I'm pretty sure I got the local Xcode Local Config with the team correct, although I've never set that up before. Regardless, I'd be surprised if getting that bit wrong caused a linker error.
Wishing for 'a helm of telepathy' will (might?) result in a random helm with the 'telepathy' property. This is problematic as the actual item 'helm of telepathy' still exists in the game. Either the item should be removed, or readobjnam should do strict matching for existing items with that name before considering properties.
See this bug 'in action' in this reddit thread: https://www.reddit.com/r/nethack/comments/z86oht/i_wished_for_a_helm_of_telepathy_but_got_opposite/
A level was generated that seemed to not allow access to the next stairs due to iron bars being in the way, and no other way to the other part of the room (I very thoroughly checked for secret doors along any walls that could have had a passage leading there). I was able to get through by sheer luck by zapping myself with an unknown wand that ended up polymorphing me into a gray ooze, which was able to eat through one of the bars. Version string is: MacOSX EvilHack Version 0.6.0-0 post-release - last build Sun Aug 2 12:57:53 2020.
A screenshot is attached (after the ooze bar-eating):
Seems to be a problem when accessing the roles array - I'm guessing because it's trying to use flags.pantheon and maybe it isn't initialized? This only occurs when ASAN is enabled, and only for the drow race.
role.c: 2545-2546
while (!roles[flags.pantheon].lgod) /* unless they're missing */
flags.pantheon = randrole(FALSE);
=================================================================
==19564==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5555564cc5d8 at pc 0x555555fbedaf bp 0x7fffffffe440 sp 0x7fffffffe430
READ of size 8 at 0x5555564cc5d8 thread T0
#0 0x555555fbedae in role_init /home/lunatunez/EvilHack/src/role.c:2545
#1 0x555555744b6d in newgame /home/lunatunez/EvilHack/src/allmain.c:1014
#2 0x5555562b1ba9 in main ../sys/unix/unixmain.c:348
#3 0x7ffff7362082 in __libc_start_main ../csu/libc-start.c:308
#4 0x55555573aacd in _start (/home/lunatunez/games/evilhackdir/evilhack+0x1e6acd)
0x5555564cc5d8 is located 8 bytes to the left of global variable 'striped_msgs' defined in 'read.c:267:30' (0x5555564cc5e0) of size 80
0x5555564cc5d8 is located 40 bytes to the right of global variable 'explaintext' defined in 'pickup.c:2756:30' (0x5555564cc540) of size 112
SUMMARY: AddressSanitizer: global-buffer-overflow /home/lunatunez/EvilHack/src/role.c:2545 in role_init
Shadow bytes around the buggy address:
0x0aab2ac91860: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0aab2ac91870: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
0x0aab2ac91880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2ac91890: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0aab2ac918a0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0aab2ac918b0: 00 00 00 00 00 00 f9 f9 f9 f9 f9[f9]00 00 00 00
0x0aab2ac918c0: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0aab2ac918d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2ac918e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2ac918f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2ac91900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==19564==ABORTING
Does it make sense that an e.g. human neutral tourist should be unable to wield Shadowblade? They'd be able to wield Stormbringer with only the usual blast damage. Its partner in forging is Werebane, which is a basic unaligned artifact weapon. I could understand why a werecreature should have trouble with Shadowblade. I'm even getting blasted by it as a chaotic.
Forged artifacts tend to either retain the alignment and class of one/both the base items, or they become less restrictive (eg Tempest is unaligned from two neutral artifacts). It seems like an oversight that only one forged artifact could suddenly be unwieldable by someone who could wield both the base weapons.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=139873801873344) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=139873801873344) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=139873801873344, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007f36e801a476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007f36e80007f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x000055846aa2483c in NH_abort () at end.c:236
#6 0x000055846aa2af5c in panic (str=0x55846b483bc0 "%s") at end.c:784
#7 0x000055846af4d882 in impossible (s=0x55846b42d520 "%s attacks you without knowing your location?") at pline.c:518
#8 0x000055846ac6c9ea in wildmiss (mtmp=0x6110000f2ac0, mattk=0x55846b55a1bc <mons+45468>) at mhitu.c:464
#9 0x000055846ac7e70a in mattacku (mtmp=0x6110000f2ac0) at mhitu.c:1061
#10 0x000055846adfe83e in dochug (mtmp=0x6110000f2ac0) at monmove.c:994
#11 0x000055846adea111 in dochugw (mtmp=0x6110000f2ac0) at monmove.c:176
#12 0x000055846ad5a820 in movemon () at mon.c:1427
#13 0x000055846a774900 in moveloop (resuming=0 '\000') at allmain.c:218
#14 0x000055846b32bfe5 in main (argc=0, argv=0x7fff09cf0cb8) at ../sys/unix/unixmain.c:353
Extra info after the crash:
(rr) p toplines
$9 = "You splash through the shallow water.", '\000' <repeats 262 times>
(rr) p moves
$2 = 13124408
(rr) p u.umonster
$3 = 467
(rr) p u.umonnum
$4 = 467
(rr) p urace.malenum
$5 = 363
(rr) p u.uz
$6 = {dnum = 3 '\003', dlevel = 2 '\002'}
mtmp is: #define PM_PIRANHA 437
(rr) p u.ux
$11 = 18 '\022'
(rr) p u.uy
$12 = 9 '\t'
(rr)
We can see mux and muy don't match u.ux or u.uy.
The piranha thinks we are at (5, 12) but we are at (18, 9)
Piranha's knowledge changed on move 13124408 (same turn as crash)
So I watched our x coordinate (u.ux) and it took me to this:
#0 u_on_newpos (x=18, y=9) at dungeon.c:1226
#1 0x000055846b11229f in teleds (nux=18, nuy=9, teleds_flags=3) at teleport.c:400
#2 0x000055846b112c1d in safe_teleds (teleds_flags=3) at teleport.c:467
#3 0x000055846b18209a in drown () at trap.c:4639
#4 0x000055846aaab560 in pooleffects (newspot=1 '\001') at hack.c:2443
#5 0x000055846aaacf10 in spoteffects (pick=1 '\001') at hack.c:2537
#6 0x000055846af51774 in polyman (fmt=0x55846b485980 "return to %s form!", arg=0x55846b4ab040 "dark elven") at polyself.c:260
#7 0x000055846af5ccae in rehumanize () at polyself.c:1260
#8 0x000055846acb25bf in mdamageu (mtmp=0x6110000f2ac0, n=10) at mhitu.c:3767
#9 0x000055846ac99726 in hitmu (mtmp=0x6110000f2ac0, mattk=0x55846b55a1b8 <mons+45464>) at mhitu.c:2629
#10 0x000055846ac7e327 in mattacku (mtmp=0x6110000f2ac0) at mhitu.c:1029
#11 0x000055846adfe83e in dochug (mtmp=0x6110000f2ac0) at monmove.c:994
#12 0x000055846adea111 in dochugw (mtmp=0x6110000f2ac0) at monmove.c:176
#13 0x000055846ad5a820 in movemon () at mon.c:1427
#14 0x000055846a774900 in moveloop (resuming=0 '\000') at allmain.c:218
#15 0x000055846b32bfe5 in main (argc=0, argv=0x7fff09cf0cb8) at ../sys/unix/unixmain.c:353
(rr) p toplines
$16 = "You materialize in a different location!", '\000' <repeats 259 times>
My hypothesis:
I'm not sure this has anything to do with drow, but it looks like a piranha killed the player on the first bite, the player rehumanized back into a drow, drowned, came back to life (cause wizmode), then safe_teleds to somewhere else, but the piranha's knowledge of the player's coordinates was not updated and it continued to it's second bite attack.
Reproduction:
I was successful in replicating this. First I turned sanity_check on, then I went to medusa's level, polymorphed into a killer bee, and flew in a spot surrounded by water. Then I summoned a piranha. It killed me on the first hit and I rehumanized into my base form. When the prompt asked if I wanted to die, I said NO, then insta teleported to random land, the piranha continued its second attack and triggered the program in disorder.
Conclusion:
This might not be limited to wizmode, a mind flayer wearing an amulet of lifesaving could also possibly trigger this.
This might also be in Vanilla but I did not check.
I see the drow objects in alt_spellings in objnam.c, but wishing for "drow arrow", "drow arrows", "5 drow arrows" makes the wish fail.
Looks like armor is being destroyed here:
Line 266 in 8b2e3b0
and then referenced again here:
Line 271 in 8b2e3b0
ASAN output:
==73452==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0004349ca at pc 0x55af3fb6b12e bp 0x7ffe1957eb40 sp 0x7ffe1957eb30
READ of size 5 at 0x60c0004349ca thread T0
#0 0x55af3fb6b12d in missmu /home/user/Documents/EvilHack/src/mhitu.c:271
#1 0x55af3fb8a637 in mattacku /home/user/Documents/EvilHack/src/mhitu.c:1048
#2 0x55af3fd0a80f in dochug /home/user/Documents/EvilHack/src/monmove.c:994
#3 0x55af3fcf60e2 in dochugw /home/user/Documents/EvilHack/src/monmove.c:176
#4 0x55af3fc667f1 in movemon /home/user/Documents/EvilHack/src/mon.c:1427
#5 0x55af3f6808ff in moveloop /home/user/Documents/EvilHack/src/allmain.c:218
#6 0x55af40237f85 in main ../sys/unix/unixmain.c:353lmain.c:344
#7 0x7f250dc01d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#8 0x7f250dc01e3f in __libc_start_main_impl ../csu/libc-start.c:392
#9 0x55af3f67eac4 in _start (/home/user/games/evilhackdir/evilhack+0x1e9ac4)
0x60c0004349ca is located 74 bytes inside of 128-byte region [0x60c000434980,0x60c000434a00)
freed by thread T0 here:
#0 0x7f250e1a9537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x55af3fc28adc in dealloc_obj /home/user/Documents/EvilHack/src/mkobj.c:2515
#2 0x55af3ff4b55d in obfree /home/user/Documents/EvilHack/src/shk.c:1030
#3 0x55af3f9db5d5 in delobj_core /home/user/Documents/EvilHack/src/invent.c:1268
#4 0x55af3f9db249 in delobj /home/user/Documents/EvilHack/src/invent.c:1232
#5 0x55af3f8e50d2 in breakobj /home/user/Documents/EvilHack/src/dothrow.c:2442
#6 0x55af3f8e68a1 in break_glass_obj /home/user/Documents/EvilHack/src/dothrow.c:2634
#7 0x55af3fb6b04f in missmu /home/user/Documents/EvilHack/src/mhitu.c:266
#8 0x55af3fb8a637 in mattacku /home/user/Documents/EvilHack/src/mhitu.c:1048
#9 0x55af3fd0a80f in dochug /home/user/Documents/EvilHack/src/monmove.c:994
#10 0x55af3fcf60e2 in dochugw /home/user/Documents/EvilHack/src/monmove.c:176
#11 0x55af3fc667f1 in movemon /home/user/Documents/EvilHack/src/mon.c:1427
#12 0x55af3f6808ff in moveloop /home/user/Documents/EvilHack/src/allmain.c:218
#13 0x55af40237f85 in main ../sys/unix/unixmain.c:353
#14 0x7f250dc01d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
previously allocated by thread T0 here:
#0 0x7f250e1a9887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x55af3f68a8e4 in alloc /home/user/Documents/EvilHack/src/alloc.c:46
#2 0x55af3fc1c336 in mksobj /home/user/Documents/EvilHack/src/mkobj.c:867
#3 0x55af3fc188bf in mkobj /home/user/Documents/EvilHack/src/mkobj.c:350
#4 0x55af3fc1822f in mkobj_at /home/user/Documents/EvilHack/src/mkobj.c:275
#5 0x55af3fbf9804 in makelevel /home/user/Documents/EvilHack/src/mklev.c:1088
#6 0x55af3fbfaaf3 in mklev /home/user/Documents/EvilHack/src/mklev.c:1218
#7 0x55af3f73f3d9 in wiz_makemap /home/user/Documents/EvilHack/src/cmd.c:894
#8 0x55af3f770729 in rhack /home/user/Documents/EvilHack/src/cmd.c:5577
#9 0x55af3f686e00 in moveloop /home/user/Documents/EvilHack/src/allmain.c:816
#10 0x55af40237f85 in main ../sys/unix/unixmain.c:353
#11 0x7f250dc01d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-use-after-free /home/user/Documents/EvilHack/src/mhitu.c:271 in missmu
Shadow bytes around the buggy address:
0x0c188007e8e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c188007e8f0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x0c188007e900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c188007e910: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c188007e920: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c188007e930: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
0x0c188007e940: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c188007e950: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x0c188007e960: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c188007e970: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c188007e980: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==73452==ABORTING
Backtrace:
(rr) bt
#0 __sanitizer::internal__exit (exitcode=1) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_linux.cpp:448
#1 0x00007f250e1d32d7 in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:59
#2 0x00007f250e1b277c in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7ffe1957dec6, __in_chrg=<optimized out>)
at ../../../../src/libsanitizer/asan/asan_report.cpp:190
#3 0x00007f250e1b2015 in __asan::ReportGenericError (pc=94211176575278, bp=bp@entry=140729323612992, sp=sp@entry=140729323612976,
addr=106377754397130, is_write=is_write@entry=false, access_size=5, exp=0, fatal=true) at ../../../../src/libsanitizer/asan/asan_report.cpp:478
#4 0x00007f250e1b3638 in __asan::__asan_report_load_n (addr=<optimized out>, size=<optimized out>)
at ../../../../src/libsanitizer/asan/asan_rtl.cpp:146
#5 0x000055af3fb6b12e in missmu (mtmp=0x6110003cbe40, target=19, roll=14, mattk=0x55af4045c420 <mons+5120>) at mhitu.c:271
#6 0x000055af3fb8a638 in mattacku (mtmp=0x6110003cbe40) at mhitu.c:1048
#7 0x000055af3fd0a810 in dochug (mtmp=0x6110003cbe40) at monmove.c:994
#8 0x000055af3fcf60e3 in dochugw (mtmp=0x6110003cbe40) at monmove.c:176
#9 0x000055af3fc667f2 in movemon () at mon.c:1427
#10 0x000055af3f680900 in moveloop (resuming=0 '\000') at allmain.c:218
#11 0x000055af40237f86 in main (argc=0, argv=0x7ffe1957f668) at ../sys/unix/unixmain.c:353
# misc info.
(rr) p moves
$1 = 5400294
(rr) p u.uz
$2 = {dnum = 0 '\000', dlevel = 2 '\002'}
(rr) p u.umonnum
$3 = 471
(rr) p u.umonster
$4 = 471
(rr) p urace.malenum
$5 = 239
(rr) p toplines
$7 = "You die... Your dark elven chain mail deflects the lynx's attack. Your dark elven chain mail crumbles into fragments!", '\000' <repeats 180 times>
I received the following message when playing as a Tortle and polymorphed into a jackal due to lycanthropy.
"Your protective shell blocks the monkey's attack."
Example: "Ecch - that must have been poisonous! This kobold corpse tastes okay."
Might make more sense to omit the second part if we eat a poisonous corpse - or only use a negative description.
I've been having this problem (playing on hardfought, .evilrc: https://www.hardfought.org/userdata/m/mung/evilhack/mung.evilrc )
Using traditional menustyle, if I press 'D' to drop multiple items, then '$' and Enter to drop coins, I get asked if I want to drop my coins, but:
I spent a bit of time with the code, and I've written a fix to illustrate where the problem is, but it may break other things - I've only tested to make sure it stops the above behaviour.
Essentially, in askchain for the COIN_CLASS case, '$' is not getting added to olets, so (I think) it is as if player simply pressed Enter rather than '$', Enter. Dumb fix follows:
diff --git a/src/invent.c b/src/invent.c
index 43bb11c38..f03ad257e 100644
--- a/src/invent.c
+++ b/src/invent.c
@@ -2090,6 +2090,11 @@ unsigned *resultflags;
if (oc_of_sym == COIN_CLASS && !combo) {
context.botl = 1;
+ if (!index(olets, oc_of_sym)) {
+ add_valid_menu_class(oc_of_sym);
+ olets[oletct++] = oc_of_sym;
+ olets[oletct] = 0;
+ }
} else if (sym == 'a') {
allflag = TRUE;
} else if (sym == 'A') {
In fountain.c: dipfountain()
Change
if (obj->otyp == POT_ACID && er != ER_DESTROYED) { /* Acid and water don't mix /
to
if (er != ER_DESTROYED && obj->otyp == POT_ACID) { / Acid and water don't mix */
So, for most weapon forging recipes you can make yourself a flow chart and work your way up from darts, arrows, and crossbow bolts to make pretty much anything. Example would be: arrows and darts to knives, turn those to daggers with arrows, turn those to short swords with crossbow bolts, turn those to long swords with each other, combine two long swords and BOOM, you've got a katana. However, the mace recipe is... interesting. Here is what you'll need to do if you want to make a mace in the same way as a katana, tsurugi, trident, etc.
This basically means that if you want another mace as priest, to forge with your existing one to upgrade it to a heavy mace, you need to get blessed with a random hammer or mace. The existing recipes are fine for making what they do, but the problem is obviously that you need to use them to make a mace.
Please help I am confused, forging recipes are complicated :(
Found while fuzzing in wizmode with wizmakemap bound to v. Not sure what to make of it.
Program received signal SIGSEGV, Segmentation fault.
0x000055555586fee6 in recharge (obj=0x555555aea390, curse_bless=0, mtmp=0x555555ae7500)
at read.c:676
676 : (objects[obj->otyp].oc_dir != NODIR) ? 8 : 15;
#0 0x000055555586fee6 in recharge (obj=0x555555aea390, curse_bless=0, mtmp=0x555555ae7500)
at read.c:676
#1 0x00005555557eadd8 in use_misc (mtmp=0x555555ae7500) at muse.c:2954
#2 0x00005555557c3e29 in dochug (mtmp=0x555555ae7500) at monmove.c:634
#3 0x00005555557c118d in dochugw (mtmp=0x555555ae7500) at monmove.c:122
#4 0x0000555555796394 in movemon () at mon.c:1412
#5 0x00005555555a2eb9 in moveloop (resuming=0 '\000') at allmain.c:203
#6 0x000055555597e442 in main (argc=4, argv=0x7fffffffe628) at ../sys/unix/unixmain.c:353
Full backtrace:
#0 0x000055555586fee6 in recharge (obj=0x555555aea390, curse_bless=0, mtmp=0x555555ae7500)
at read.c:676
lim = 21845
n = 1437496576
is_cursed = 0 '\000'
is_blessed = 0 '\000'
yours = 0 '\000'
#1 0x00005555557eadd8 in use_misc (mtmp=0x555555ae7500) at muse.c:2954
i = 0
otmp = 0x555555aebb20
vis = 0 '\000'
vismon = 0 '\000'
oseen = 0 '\000'
nambuf = "\001\000\000\000G\000\000\000\021\000\000\000?\000\000\000\t\000\000\000\021\000\000\000\020\222\257UUU\000\000@\342\377\377\005\000\000\000\004\000\000\000UU\000\000\f\000\000\000\026\000\000\000\b\000\000\000\023\000\000\000\000u\256UUU\000\000 \006\244UUU", '\000' <repeats 11 times>, "u\256UUU\000\000\000\000\000\000\000\000\000\000 \006\244UUU\000\000PծUUU\000\000 \006\244UUU\000\000\020\342\377\377\377\177\000\000{\235~UUU\000\000@4\257UUU\000\000\000u\256UUU\000\000\000\000\000\000\000\000\000\000 \006\244UUU\000\000\000\000\000\000\000\000\000\000 \006\244UUU\000\000p\342\377\377\377\177\000\000\027"...
tt = 0x4300000000
#2 0x00005555557c3e29 in dochug (mtmp=0x555555ae7500) at monmove.c:634
mdat = 0x555555a40620 <mons+46592>
tmp = 0
mdummy = 0x0
inrange = 1
nearby = 0
scared = 0
oldx = 0
oldy = 0
mwalk_sewage = 0 '\000'
#3 0x00005555557c118d in dochugw (mtmp=0x555555ae7500) at monmove.c:122
x = 19
y = 8
already_saw_mon = 0 '\000'
rd = 300
#4 0x0000555555796394 in movemon () at mon.c:1412
mtmp = 0x555555ae7500
nmtmp = 0x0
somebody_can_move = 0 '\000'
#5 0x00005555555a2eb9 in moveloop (resuming=0 '\000') at allmain.c:203
moveamt = 18
wtcap = 0
change = 0
monscanmove = 0 '\000'
timeout_start = 26835
past_clock = 460252
elf_regen = 1 '\001'
orc_regen = 1 '\001'
#6 0x000055555597e442 in main (argc=4, argv=0x7fffffffe628) at ../sys/unix/unixmain.c:353
fd = -1
dir = 0xffffffff <error: Cannot access memory at address 0xffffffff>
exact_username = 0 '\000'
resuming = 0 '\000'
plsel_once = 1 '\001'
After implementing the partial resistance commit, now when a player eats a poisonous corpse, they get a message like this:
Ecch - that must have been poisonous! incoming: 2 outgoing: 2 incoming: 14 outgoing: 14
The first incoming/outgoing values are the drop in STR, the second set of values are the HP lost. No errors that I can see, the game still goes on as normal, and any partial resistances that would be granted are given. Just need to figure out how to suppress the incoming/outgoing data.
The current link to mingw links to a compromised site.
Found in sys\winnt\install.nt
The updated site is listed as follows from the 3.7 Install.windows file
An up-to-date copy of MinGW-w64. MinGW-w64 is a collection of
GNU C Compiler (GCC) executables, headers, files and import
libraries. The official site for MinGW-w64 is
https://www.mingw-w64.org/
The Hammer of the Gods is a forged artifact in EvilHack. It is also the title of a biography of Led Zeppelin. In keeping with the other enhancements to forged artifacts, the Hammer could be used to create a single-use stairway to the next-higher level upon invocation. Or, for simplicity, perhaps it could have exactly the same invocation behavior as the Eye of the Aethiopica instead.
—What do you want to invoke?
—You #Invoke the Hammer of the Gods.
—A shimmering golden cloud appears before you!
—You hear a celestial guitar playing an overly-familiar melody!
—Do you want to ascend? (Y/N)
—Y
—You ascend the Stairway to Heaven!
—The Stairway vanishes!
Or:
—What do you want to invoke?
—You #Invoke the Hammer of the Gods.
—A shimmering golden cloud appears before you!
—You hear a celestial guitar playing an overly-familiar melody!
—To what branch do you wish to teleport?
—The Astral Plane
—The voice of Thor rings out, “No mortal! That shall not be done!”
—The Stairway vanishes!
—What do you want to invoke?
—You #Invoke the Hammer of the Gods.
—You feel the Hammer of the Gods is ignoring you.
What do you think?
This is backtrace from the fuzzer:
Occurred on move 25609.
Role: Ranger
Race: Human
#0 __sanitizer::internal__exit (exitcode=1) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_linux.cpp:448
#1 0x00007f7768cf72b7 in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:59
#2 0x00007f7768cd675c in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7ffff0c78e36, __in_chrg=<optimized out>)
at ../../../../src/libsanitizer/asan/asan_report.cpp:190
#3 0x00007f7768cd5ff5 in __asan::ReportGenericError (pc=93900865714040, bp=bp@entry=140737233001136, sp=sp@entry=140737233001120,
addr=106377756364170, is_write=is_write@entry=true, access_size=5, exp=0, fatal=true) at ../../../../src/libsanitizer/asan/asan_report.cpp:478
#4 0x00007f7768cd771b in __asan::__asan_report_store_n (addr=<optimized out>, size=<optimized out>)
at ../../../../src/libsanitizer/asan/asan_rtl.cpp:147
#5 0x00005566ffbeb778 in hmon_hitmon (mon=0x6110001aabc0, obj=0x60c000614d40, thrown=0, dieroll=4) at uhitm.c:2044
#6 0x00005566ffbcb113 in hmon (mon=0x6110001aabc0, obj=0x60c000614d40, thrown=0, dieroll=4) at uhitm.c:968
#7 0x00005566ffbc73a6 in known_hitum (mon=0x6110001aabc0, weapon=0x60c000614d40, mhit=0x7ffff0c7a170, rollneeded=15, armorpenalty=0,
uattk=0x5566fff4eeb8 <mons+48792>, dieroll=4) at uhitm.c:646
#8 0x00005566ffbc9565 in hitum (mon=0x6110001aabc0, uattk=0x5566fff4eeb8 <mons+48792>) at uhitm.c:826
#9 0x00005566ffbc3e83 in attack (mtmp=0x6110001aabc0) at uhitm.c:591
#10 0x00005566ff4be2d2 in domove_core () at hack.c:1810
#11 0x00005566ff4a9359 in domove () at hack.c:1517
#12 0x00005566ff28bedc in rhack (cmd=0x5567000c7900 <in_line> "k") at cmd.c:5506
#13 0x00005566ff1a4aac in moveloop (resuming=0 '\000') at allmain.c:804
#14 0x00005566ffd2333c in main (argc=0, argv=0x7ffff0c7ad98) at ../sys/unix/unixmain.c:353
This is the ASAN dump from my successful reproduction, I just wished for a crystal ball, wielded it, and attacked something and it broke.
=================================================================
==313483==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000002b4a at pc 0x55555618973f bp 0x7fffffffd1b0 sp 0x7fffffffd1a0
WRITE of size 5 at 0x60c000002b4a thread T0
#0 0x55555618973e in hmon_hitmon /home/erik/Documents/EvilHack/src/uhitm.c:2044
#1 0x5555561690d9 in hmon /home/erik/Documents/EvilHack/src/uhitm.c:968
#2 0x55555616536c in known_hitum /home/erik/Documents/EvilHack/src/uhitm.c:646
#3 0x55555616752b in hitum /home/erik/Documents/EvilHack/src/uhitm.c:826
#4 0x555556161e49 in attack /home/erik/Documents/EvilHack/src/uhitm.c:591
#5 0x555555a5c298 in domove_core /home/erik/Documents/EvilHack/src/hack.c:1810
#6 0x555555a4731f in domove /home/erik/Documents/EvilHack/src/hack.c:1517
#7 0x555555829ea2 in rhack /home/erik/Documents/EvilHack/src/cmd.c:5506
#8 0x555555742aab in moveloop /home/erik/Documents/EvilHack/src/allmain.c:804
#9 0x5555562c1302 in main ../sys/unix/unixmain.c:353
#10 0x7ffff7365d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#11 0x7ffff7365e3f in __libc_start_main_impl ../csu/libc-start.c:392
#12 0x55555573aac4 in _start (/home/erik/games/evilhackdir/evilhack+0x1e6ac4)
0x60c000002b4a is located 74 bytes inside of 128-byte region [0x60c000002b00,0x60c000002b80)
freed by thread T0 here:
#0 0x7ffff7672517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x555555cc532e in dealloc_obj /home/erik/Documents/EvilHack/src/mkobj.c:2507
#2 0x555555fe0f80 in obfree /home/erik/Documents/EvilHack/src/shk.c:1023
#3 0x555555a8a15a in delobj_core /home/erik/Documents/EvilHack/src/invent.c:1259
#4 0x555555a89dce in delobj /home/erik/Documents/EvilHack/src/invent.c:1223
#5 0x5555559975d6 in breakobj /home/erik/Documents/EvilHack/src/dothrow.c:2444
#6 0x555555998da5 in break_glass_obj /home/erik/Documents/EvilHack/src/dothrow.c:2636
#7 0x55555618960d in hmon_hitmon /home/erik/Documents/EvilHack/src/uhitm.c:2042
#8 0x5555561690d9 in hmon /home/erik/Documents/EvilHack/src/uhitm.c:968
#9 0x55555616536c in known_hitum /home/erik/Documents/EvilHack/src/uhitm.c:646
#10 0x55555616752b in hitum /home/erik/Documents/EvilHack/src/uhitm.c:826
#11 0x555556161e49 in attack /home/erik/Documents/EvilHack/src/uhitm.c:591
#12 0x555555a5c298 in domove_core /home/erik/Documents/EvilHack/src/hack.c:1810
#13 0x555555a4731f in domove /home/erik/Documents/EvilHack/src/hack.c:1517
#14 0x555555829ea2 in rhack /home/erik/Documents/EvilHack/src/cmd.c:5506
#15 0x555555742aab in moveloop /home/erik/Documents/EvilHack/src/allmain.c:804
#16 0x5555562c1302 in main ../sys/unix/unixmain.c:353
#17 0x7ffff7365d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
previously allocated by thread T0 here:
#0 0x7ffff7672867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x555555746457 in alloc /home/erik/Documents/EvilHack/src/alloc.c:46
#2 0x555555cb8c35 in mksobj /home/erik/Documents/EvilHack/src/mkobj.c:866
#3 0x555555e6cb72 in readobjnam /home/erik/Documents/EvilHack/src/objnam.c:4667
#4 0x5555562bd5a1 in makewish /home/erik/Documents/EvilHack/src/zap.c:6464
#5 0x5555557f982e in wiz_wish /home/erik/Documents/EvilHack/src/cmd.c:811
#6 0x55555582a3ae in rhack /home/erik/Documents/EvilHack/src/cmd.c:5544
#7 0x555555742aab in moveloop /home/erik/Documents/EvilHack/src/allmain.c:804
#8 0x5555562c1302 in main ../sys/unix/unixmain.c:353
#9 0x7ffff7365d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-use-after-free /home/erik/Documents/EvilHack/src/uhitm.c:2044 in hmon_hitmon
Shadow bytes around the buggy address:
0x0c187fff8510: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c187fff8520: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c187fff8530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff8540: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c187fff8550: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
=>0x0c187fff8560: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
0x0c187fff8570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff85a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff85b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==313483==ABORTING
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.