From 00e590f5f524a84fd5b304ba7e1c0ccb330a39e3 Mon Sep 17 00:00:00 2001
From: Bill Currie
Date: Wed, 13 Jan 2010 06:36:16 +0000
Subject: [PATCH] Really nail down the args param in rua_obj_msg_sendv().
---
 include/QF/progs.h | 3 +++
 libs/gamecode/engine/pr_exec.c | 4 ++--
 libs/gamecode/engine/pr_load.c | 2 +-
 libs/ruamoko/rua_obj.c | 8 ++++----
 4 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/include/QF/progs.h b/include/QF/progs.h
index 0faf2e220..308c37b05 100644
--- a/include/QF/progs.h
+++ b/include/QF/progs.h
@@ -204,6 +204,9 @@ int PR_RunLoadFuncs (progs_t *pr);
 */
 int PR_Check_Opcodes (progs_t *pr);
+void PR_BoundsCheckSize (progs_t *pr, int addr, unsigned size);
+void PR_BoundsCheck (progs_t *pr, int addr, etype_t type);
+
 //@}
 /** \defgroup progs_edict Edict management
diff --git a/libs/gamecode/engine/pr_exec.c b/libs/gamecode/engine/pr_exec.c
index e79112ecd..167ce4893 100644
--- a/libs/gamecode/engine/pr_exec.c
+++ b/libs/gamecode/engine/pr_exec.c
@@ -257,7 +257,7 @@ PR_LeaveFunction (progs_t *pr)
 &pr->localstack[pr->localstack_used], sizeof (pr_type_t) * c);
 }
-static void
+VISIBLE void
 PR_BoundsCheckSize (progs_t *pr, int addr, unsigned size)
 {
 if (addr < 0 || addr >= pr->globals_size
@@ -266,7 +266,7 @@ PR_BoundsCheckSize (progs_t *pr, int addr, unsigned size)
 pr->globals_size, size);
 }
-static void
+VISIBLE void
 PR_BoundsCheck (progs_t *pr, int addr, etype_t type)
 {
 PR_BoundsCheckSize (pr, addr, pr_type_size[type]);
diff --git a/libs/gamecode/engine/pr_load.c b/libs/gamecode/engine/pr_load.c
index 7aa44fe3e..01205dcdf 100644
--- a/libs/gamecode/engine/pr_load.c
+++ b/libs/gamecode/engine/pr_load.c
@@ -55,7 +55,7 @@ static __attribute__ ((used)) const char rcsid[] =
 #include "compat.h"
-cvar_t *pr_boundscheck;
+VISIBLE cvar_t *pr_boundscheck;
 cvar_t *pr_deadbeef_ents;
 cvar_t *pr_deadbeef_locals;
 cvar_t *pr_faultchecks;
diff --git a/libs/ruamoko/rua_obj.c b/libs/ruamoko/rua_obj.c
index 280c240a8..b6770bf3d 100644
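Review bot: The two prototypes added to include/QF/progs.h, `PR_BoundsCheckSize` and `PR_BoundsCheck`, have no doc comment, while the neighbouring `PR_Check_Opcodes` declaration is preceded by one. Both return `void`, so a caller outside pr_exec.c cannot tell from the header how an out-of-range address is reported or what unit `size` is in. I would add a Doxygen block above each that gives the meaning of `addr` and `size` (presumably offsets and lengths within the progs globals, to be confirmed against the definition in pr_exec.c) and states what happens when the check fails.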
--- a/libs/ruamoko/rua_obj.c
+++ b/libs/ruamoko/rua_obj.c
@@ -912,14 +912,14 @@ rua_obj_msg_sendv (progs_t *pr)
 int count = args->count;
 func_t imp = obj_msg_lookup (pr, receiver, op);
- //FIXME bounds checking
+ count = bound (0, count, 6);
+ if (count && pr_boundscheck->int_val)
+ PR_BoundsCheckSize (pr, args->list, count * pr->pr_param_size);
 if (!imp)
 PR_RunError (pr, "%s does not respond to %s", PR_GetString (pr, object_get_class_name (pr, receiver)), PR_GetString (pr, pr->selector_names[op->sel_id]));
- if (count > 6)
- count = 6;
- if (count > 0)
+ if (count)
 memcpy (pr->pr_params[2], params, count * 4 * pr->pr_param_size);
 PR_CallFunction (pr, imp);
 }
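Review bot: The check added ahead of the `memcpy` in rua_obj_msg_sendv() only runs when `pr_boundscheck->int_val` is non-zero, so with that cvar off a progs-supplied `args->list` is still used unvalidated as the copy source (assuming `params`, computed before this hunk, is derived from it). This check runs once per call rather than once per instruction, so I would make it unconditional: `if (count)` followed by `PR_BoundsCheckSize (pr, args->list, count * pr->pr_param_size);`. The check is sized as `count * pr->pr_param_size` while the copy uses `count * 4 * pr->pr_param_size`; if the `4` stands for the size of one progs word, writing it as `sizeof (pr_type_t)` with a comment such as `// check size is in pr_type_t words, memcpy length is in bytes` would keep the two from drifting apart. The function begins before the hunk, so whether `args` itself is validated before `args->count` is read cannot be seen here.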