zdoom/gzdoom
0
0
Fork 0
mirror of https://github.com/ZDoom/gzdoom.git synced 2025-02-16 17:21:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Check array size for overflow.

Browse source 
Since ZScript is a 32 bit VM, the largest safe value for an array's physical size is 2GB. Any larger value will be destroyed by the compiler which relies on signed 32 bit values too much.
This commit is contained in:
Christoph Oelckers 2024-10-25 08:47:19 +02:00
parent ee6991e6d8
commit a14bba3561
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/common/scripting/frontend/zcc_compile.cpp
View file

@ -2286,6 +2286,11 @@ PType *ZCCCompiler::ResolveArraySize(PType *baseType, ZCC_Expression *arraysize,
Error(arraysize, "Array size must be positive");
return TypeError;
}
if (uint64_t(size) * baseType->Size > 0x7fffffff)
{
Error(arraysize, "Array size overflow. Total size must be less than 2GB");
return TypeError;
}
baseType = NewArray(baseType, size);
}