Merge branch 'uniquetid_overflow_fix' of https://github.com/edward-san/zdoom

This commit is contained in:
Christoph Oelckers 2014-01-16 11:38:53 +01:00
commit af3e619232
2 changed files with 11 additions and 7 deletions

View file

@ -4934,7 +4934,7 @@ int DLevelScript::CallFunction(int argCount, int funcIndex, SDWORD *args, const
break; break;
case ACSF_UniqueTID: case ACSF_UniqueTID:
return P_FindUniqueTID(argCount > 0 ? args[0] : 0, argCount > 1 ? args[1] : 0); return P_FindUniqueTID(argCount > 0 ? args[0] : 0, (argCount > 1 && args[1] >= 0) ? args[1] : 0);
case ACSF_IsTIDUsed: case ACSF_IsTIDUsed:
return P_IsTIDUsed(args[0]); return P_IsTIDUsed(args[0]);

View file

@ -2726,12 +2726,16 @@ int P_FindUniqueTID(int start_tid, int limit)
if (start_tid != 0) if (start_tid != 0)
{ // Do a linear search. { // Do a linear search.
limit = start_tid + limit - 1; int end_tid = start_tid;
if (limit < start_tid) if (start_tid > 0 && limit > INT_MAX - start_tid + 1)
{ // If it overflowed, clamp to INT_MAX { // If 'limit+start_tid-1' overflows, clamp 'end_tid' to INT_MAX
limit = INT_MAX; end_tid = INT_MAX;
} }
for (tid = start_tid; tid <= limit; ++tid) else
{
end_tid += limit-1;
}
for (tid = start_tid; tid <= end_tid; ++tid)
{ {
if (tid != 0 && !P_IsTIDUsed(tid)) if (tid != 0 && !P_IsTIDUsed(tid))
{ {
@ -2769,7 +2773,7 @@ CCMD(utid)
{ {
Printf("%d\n", Printf("%d\n",
P_FindUniqueTID(argv.argc() > 1 ? atoi(argv[1]) : 0, P_FindUniqueTID(argv.argc() > 1 ? atoi(argv[1]) : 0,
argv.argc() > 2 ? atoi(argv[2]) : 0)); (argv.argc() > 2 && atoi(argv[2]) >= 0) ? atoi(argv[2]) : 0));
} }
//========================================================================== //==========================================================================