Bug: Previous fix for deleted rooms is itself a crash vector
Danger: High - Legitimately missing vnums will now cause a crash instead
Discovered in: AFKMud 1.77
Found by: Kigen
Fixed by: Kigen

---

handler.c, char_to_room

Locate:

   if( !get_room_index( pRoomIndex->vnum ) )
      pRoomIndex = NULL;

   if( !pRoomIndex )
   {
      bug( "Char_to_room: %s -> NULL room!  Putting char in limbo (%d)", ch->name, ROOM_VNUM_LIMBO );
      /*
       * This used to just return, but there was a problem with crashing
       * and I saw no reason not to just put the char in limbo.  -Narn
       */
      pRoomIndex = get_room_index( ROOM_VNUM_LIMBO );
      if( !pRoomIndex )
      {
         bug( "FATAL: char_to_room: Limbo room is MISSING! Expect crash! %s:%s, line %d", __FILE__, __FUNCTION__, __LINE__ );
         return FALSE;
      }
   }

Change to:

   if( !pRoomIndex || !get_room_index( pRoomIndex->vnum ) )
   {
      bug( "Char_to_room: %s -> NULL room!  Putting char in limbo (%d)", ch->name, ROOM_VNUM_LIMBO );
      /*
       * This used to just return, but there was a problem with crashing
       * and I saw no reason not to just put the char in limbo.  -Narn
       */
      pRoomIndex = get_room_index( ROOM_VNUM_LIMBO );
      if( !pRoomIndex )
      {
         bug( "FATAL: char_to_room: Limbo room is MISSING! Expect crash! %s:%s, line %d", __FILE__, __FUNCTION__, __LINE__ );
         return FALSE;
      }
   }

The order of the checks turned out to be a really REALLY bad idea. While it would have sufficed in the case of deleted rooms which the person ended up standing in due to a bad pointer, checking the vnum of a truly missing pRoomIndex value would result in a crash. So while the original fix did work, it generated itself a brand new bug that wasn't caught. This fix now addresses both issues with the proper logic.