- Fixed imprecise bounds checking in ACS code.

It was possible to access 'playeringame[8]', outside the [0:7] buffer range. Discovered with GCC 4.9 + Address Sanitizer.
Edoardo Prezioso 2015-03-04 20:37:49 +01:00
parent 156d1e61fd
commit d61c48db25


@ -8790,7 +8790,7 @@ scriptwait:
break; break;
case PCD_PLAYERINGAME: case PCD_PLAYERINGAME:
if (STACK(1) < 0 || STACK(1) > MAXPLAYERS) if (STACK(1) < 0 || STACK(1) >= MAXPLAYERS)
{ {
STACK(1) = false; STACK(1) = false;
} }
@ -8801,7 +8801,7 @@ scriptwait:
break; break;
case PCD_PLAYERISBOT: case PCD_PLAYERISBOT:
if (STACK(1) < 0 || STACK(1) > MAXPLAYERS || !playeringame[STACK(1)]) if (STACK(1) < 0 || STACK(1) >= MAXPLAYERS || !playeringame[STACK(1)])
{ {
STACK(1) = false; STACK(1) = false;
} }
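Review bot: The corrected guard `STACK(1) < 0 || STACK(1) >= MAXPLAYERS` is written out by hand in both hunks (PCD_PLAYERINGAME and PCD_PLAYERISBOT), which is exactly how the original `>` off-by-one crept in, so a single helper such as `static inline bool ValidPlayerIndex(int i) { return i >= 0 && i < MAXPLAYERS; }` used at both sites would stop the check from drifting again wherever playeringame is indexed by a script-supplied value. The PCD_PLAYERISBOT condition also relies on left-to-right short-circuit evaluation so that `playeringame[STACK(1)]` is only reached once the index is known to be in range; a one-line comment such as `// index is validated first; short-circuit keeps playeringame[] in range` would make that ordering requirement explicit to the next editor. The enclosing switch and interpreter function begin and end outside both hunks.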