[qfcc] Fix an overflow for matrix values

ex_value_t keeps getting bigger :P
2025-04-07 01:42:04 +00:00 · 2024-12-05 00:22:38 +09:00 · 2024-12-05 00:22:38 +09:00 · 5e053fe270
commit 5e053fe270
parent 7bbbbe1f0e
2 changed files with 4 additions and 0 deletions
--- a/tools/qfcc/include/expr.h
+++ b/tools/qfcc/include/expr.h
@ -225,6 +225,7 @@ typedef struct ex_value_s {
 	bool        is_constexpr;
 	union {
 		pr_type_t   raw_value;			///< for memcpy
+		pr_dvec4_t  raw_matrix[4];		///< so ex_vector_t is big enough
 		const char *string_val;			///< string constant
 		double      double_val;			///< double constant
 		int64_t     long_val;			///< signed 64-bit constant
--- a/tools/qfcc/source/value.c
+++ b/tools/qfcc/source/value.c
@ -303,6 +303,9 @@ new_type_value (const type_t *type, const pr_type_t *data)
 {
 	size_t      typeSize = type_size (type) * sizeof (pr_type_t);
 	ex_value_t  val = {};
+	if (typeSize > sizeof (val) - field_offset (ex_value_t, raw_value)) {
+		internal_error (0, "value too large");
+	}
 	set_val_type (&val, type);
 	memcpy (&val.raw_value, data, typeSize);
 	return find_value (&val);