- Fixed imprecise bound checking in ACS code.

It was possible to access 'playeringame[8]', outside the [0:7] buffer range. Discovered with GCC 4.9 + Address Sanitizer.
This commit is contained in:
Edoardo Prezioso 2015-03-04 20:37:49 +01:00
parent 156d1e61fd
commit d61c48db25


@ -8790,7 +8790,7 @@ scriptwait:
break;
case PCD_PLAYERINGAME:
if (STACK(1) < 0 || STACK(1) > MAXPLAYERS)
if (STACK(1) < 0 || STACK(1) >= MAXPLAYERS)
{
STACK(1) = false;
}
@ -8801,7 +8801,7 @@ scriptwait:
break;
case PCD_PLAYERISBOT:
if (STACK(1) < 0 || STACK(1) > MAXPLAYERS || !playeringame[STACK(1)])
if (STACK(1) < 0 || STACK(1) >= MAXPLAYERS || !playeringame[STACK(1)])
{
STACK(1) = false;
}
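Review bot: The corrected `>= MAXPLAYERS` test in both PCD_PLAYERINGAME and PCD_PLAYERISBOT is right, but nothing in the code records why `>=` rather than `>` is required, so the same off-by-one can be reintroduced by the next copy of this check; a comment on the first of the two conditions such as `// playeringame[] holds MAXPLAYERS entries; index MAXPLAYERS itself is one past the end` would pin the invariant. The bounds test is also written out by hand in each opcode, and any other case in this switch that indexes playeringame[] with the older `> MAXPLAYERS` form would have the same one-past-the-end read, so the remainder of the file is worth checking for that pattern; that code is outside these hunks. The rejection of negative values relies on STACK(1) being a signed type, which is presumably the case but is not visible here. The enclosing switch begins and ends outside both hunks.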