game.c: remove dead bounds check for cheatbuf[], add assertion.
The check is dead because it is made after the fact (oob access), but the cheat string matching logic below actually assures that cheatbuflen < sizeof(cheatbuf) at all times. Exposed using the Stack tool from http://css.csail.mit.edu/stack/ . Also, in gamedef.c's definecheat handling, print the string length (19), not the buffer length (20) if the cheat was truncated. git-svn-id: https://svn.eduke32.com/eduke32@4016 1a8010ca-5511-0410-912e-c29ae57300e0
parent
7a9e9fada4
commit
171226c7ac
2 changed files with 6 additions and 8 deletions
|
@ -7973,7 +7973,8 @@ static void end_cheat(void)
|
|||
KB_FlushKeyboardQueue();
|
||||
}
|
||||
|
||||
static int8_t cheatbuf[MAXCHEATLEN], cheatbuflen;
|
||||
static int32_t cheatbuflen;
|
||||
static int8_t cheatbuf[MAXCHEATLEN];
|
||||
|
||||
GAME_STATIC void G_DoCheats(void)
|
||||
{
|
||||
|
@ -8016,15 +8017,12 @@ GAME_STATIC void G_DoCheats(void)
|
|||
}
|
||||
|
||||
cheatbuf[cheatbuflen++] = (int8_t)ch;
|
||||
// This assertion is not obvious, but it should hold because of the
|
||||
// cheat string matching logic below.
|
||||
Bassert(cheatbuflen < (signed)sizeof(cheatbuf));
|
||||
cheatbuf[cheatbuflen] = 0;
|
||||
// KB_ClearKeysDown();
|
||||
|
||||
if (cheatbuflen > MAXCHEATLEN)
|
||||
{
|
||||
g_player[myconnectindex].ps->cheat_phase = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
for (k=0; k < NUMCHEATCODES; k++)
|
||||
{
|
||||
for (j = 0; j<cheatbuflen; j++)
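Review bot: The only guard left on `cheatbuf` is `Bassert(cheatbuflen < (signed)sizeof(cheatbuf));`, and it runs after `cheatbuf[cheatbuflen++] = (int8_t)ch;` has already stored the byte, so if Bassert compiles to nothing in release builds (not visible here) nothing bounds the index at runtime. The invariant rests on matching logic further down in G_DoCheats, outside this hunk, and presumably on every cheat string fitting the buffer, which script-defined cheats in gamedef.c can influence. A test made before the store is not dead code and keeps the old fail-safe: `if (cheatbuflen >= (signed)sizeof(cheatbuf)-1) { g_player[myconnectindex].ps->cheat_phase = 0; return; }` placed above the store. The assertion can stay after it to document the invariant.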
|
||||
|
|
|
@ -5828,7 +5828,7 @@ repeatcase:
|
|||
if (i >= (signed)sizeof(CheatStrings[k])-1)
|
||||
{
|
||||
initprintf("%s:%d: warning: truncating cheat string to %d characters.\n",
|
||||
g_szScriptFileName,g_lineNumber,MAXCHEATLEN); //,sizeof(CheatStrings[k])-1);
|
||||
g_szScriptFileName,g_lineNumber,(signed)sizeof(CheatStrings[k])-1);
|
||||
g_numCompilerWarnings++;
|
||||
C_NextLine();
|
||||
break;
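Review bot: The truncation limit printed here appears to be the same bound that the new assertion in game.c's G_DoCheats depends on, and nothing at this site says so. A comment above the check, such as `// G_DoCheats() assumes no cheat string exceeds sizeof(CheatStrings[k])-1 characters; keep in sync with cheatbuf[].`, would keep a later change to either buffer size from silently breaking that invariant. This is inferred from the commit description, since the matching loop and the copy into CheatStrings[k] lie outside the hunk, so confirm the relationship before wording the comment.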
|
||||
|
|