If wimp is set to a 4-digit value, for example, you get a buffer overflow (as buf2 is size 4). snprintf should keep it from overflowing, but the buffer size should maybe be adjusted as well.
Code:
diff --git a/src/act.informative.c b/src/act.informative.c
index 3a0ed9b..8e753f9 100644
--- a/src/act.informative.c
+++ b/src/act.informative.c
@@ -2388,7 +2388,7 @@ ACMD(do_toggle)
if (!GET_WIMP_LEV(ch))
strcpy(buf2, "OFF"); /* strcpy: OK */
else
- sprintf(buf2, "%-3.3d", GET_WIMP_LEV(ch)); /* sprintf: OK */
+ snprintf(buf2, sizeof(buf2), "%-3.3d", GET_WIMP_LEV(ch)); /* sprintf: NOT OK if 4 digits */
if (GET_LEVEL(ch) == LVL_IMPL) {
send_to_char(ch,
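Review bot: The `snprintf` call in the `else` branch stops the overflow but now truncates silently: with a 4-byte buf2 (the backtrace shows `slen=4`), a wimp level of 1000 is written as "100", so the toggle output shows a wrong value. Enlarging buf2 at its declaration or rejecting out-of-range wimp levels where they are set would fix the cause; both places are outside this hunk, as is the rest of do_toggle. The trailing comment is stale for the new call, and something like `/* snprintf: truncates if wimp level > 999 */` would describe what it does. `sizeof(buf2)` is only the right bound if buf2 is an array in this scope, which the hunk does not show.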
eb 16 20:45:01 2025 :: OLC: test turned buildwalk on. Allowed zone 0
Feb 16 20:45:03 2025 :: OLC: test turned buildwalk off. Allowed zone 0
*** buffer overflow detected ***: terminated
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff744519e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff7428902 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff742976c in __libc_message_impl (fmt=fmt@entry=0x7ffff75dc770 "*** %s ***: terminated\n")
at ../sysdeps/posix/libc_fatal.c:134
#6 0x00007ffff7541049 in __GI___fortify_fail (msg=msg@entry=0x7ffff75dc757 "buffer overflow detected")
at ./debug/fortify_fail.c:24
#7 0x00007ffff75409e4 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8 0x00007ffff748dd00 in __vsprintf_internal (string=string@entry=0x7fffffffcc4c "1000", maxlen=maxlen@entry=4,
format=<optimized out>, args=args@entry=0x7fffffffc4e0, mode_flags=mode_flags@entry=6) at ./libio/iovsprintf.c:67
#9 0x00007ffff754228f in ___sprintf_chk (s=s@entry=0x7fffffffcc4c "1000", flag=flag@entry=2, slen=slen@entry=4,
format=format@entry=0x5555556ec59b "%-3.3d") at ./debug/sprintf_chk.c:40
#10 0x0000555555583413 in sprintf (__s=0x7fffffffcc4c "1000", __fmt=0x5555556ec59b "%-3.3d")
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:30
#11 do_toggle (ch=0x555555f6ae50, argument=<optimized out>, cmd=<optimized out>, subcmd=<optimized out>)
at act.informative.c:2391
#12 0x0000555555632543 in command_interpreter (ch=0x555555f6ae50, argument=<optimized out>,
argument@entry=0x7fffffffd580 "toggle") at interpreter.c:661
#13 0x00005555555dc1a9 in game_loop (local_mother_desc=4) at comm.c:907
#14 0x000055555556d8d7 in init_game (local_port=<optimized out>) at comm.c:544
#15 main (argc=<optimized out>, argv=<optimized out>) at comm.c:355
(gdb) quit