Do bound check for "quick" sector/wall accesses from CON, i.e. in getvarvar.

This was causing out-of-bounds (oob) sector accesses with code like this:
    getwall[hitwall].nextsector temp
    ifvarvare sector[temp].floorz sector[temp].ceilingz setvar tempb 1
(from DT's HYPERCORE).

Also validate quote indices passed to CON's quote and userquote commands at
runtime.

git-svn-id: https://svn.eduke32.com/eduke32@2381 1a8010ca-5511-0410-912e-c29ae57300e0
helixhorned 2012-02-24 19:51:54 +00:00
parent 668774c12e
commit 0175562e1f
2 changed files with 58 additions and 4 deletions


@ -4748,6 +4748,13 @@ nullquote:
case CON_QUOTE: case CON_QUOTE:
insptr++; insptr++;
if ((unsigned)(*insptr) >= MAXQUOTES)
{
OSD_Printf(CON_ERROR "invalid quote ID %d\n",g_errorLineNum,keyw[g_tw],(int32_t)(*insptr));
insptr++;
continue;
}
if ((ScriptQuotes[*insptr] == NULL)) if ((ScriptQuotes[*insptr] == NULL))
{ {
OSD_Printf(CON_ERROR "null quote %d\n",g_errorLineNum,keyw[g_tw],(int32_t)*insptr); OSD_Printf(CON_ERROR "null quote %d\n",g_errorLineNum,keyw[g_tw],(int32_t)*insptr);
@ -4770,6 +4777,13 @@ nullquote:
{ {
int32_t i=Gv_GetVarX(*insptr++); int32_t i=Gv_GetVarX(*insptr++);
if ((unsigned)i >= MAXQUOTES)
{
OSD_Printf(CON_ERROR "invalid quote ID %d\n",g_errorLineNum,keyw[g_tw],i);
insptr++;
continue;
}
if ((ScriptQuotes[i] == NULL)) if ((ScriptQuotes[i] == NULL))
{ {
OSD_Printf(CON_ERROR "null quote %d\n",g_errorLineNum,keyw[g_tw],i); OSD_Printf(CON_ERROR "null quote %d\n",g_errorLineNum,keyw[g_tw],i);
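Review bot: In the second hunk the new out-of-range branch advances `insptr` twice: `Gv_GetVarX(*insptr++)` has already consumed the operand, so the extra `insptr++;` before `continue;` appears to step over the next script word and leave the interpreter decoding from the wrong position. Unless this command carries a further operand that is not visible here, the branch should be only the `OSD_Printf(...)` call followed by `continue;`. In the first hunk the check tests `(unsigned)(*insptr)` while the lookup uses `ScriptQuotes[*insptr]` unconverted; if `*insptr` is wider than 32 bits the two can disagree, so reading the operand once into a local `int32_t` and using it for both the check and the index would be safer. Both case blocks start and end outside the hunks shown.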


@ -613,8 +613,20 @@ int32_t __fastcall Gv_GetVar(register int32_t id, register int32_t iActor, regis
return ((Gv_GetVar(*insptr++, index, iPlayer) ^ -negateResult) + negateResult); return ((Gv_GetVar(*insptr++, index, iPlayer) ^ -negateResult) + negateResult);
case 1: //else if (id == g_iSectorVarID) case 1: //else if (id == g_iSectorVarID)
if (index == vm.g_i) index = sprite[vm.g_i].sectnum; if (index == vm.g_i) index = sprite[vm.g_i].sectnum;
if ((unsigned)index >= MAXSECTORS)
{
iPlayer = index;
insptr++;
goto badsector;
}
return ((VM_AccessSectorX(index, *insptr++) ^ -negateResult) + negateResult); return ((VM_AccessSectorX(index, *insptr++) ^ -negateResult) + negateResult);
case 2: //else if (id == g_iWallVarID) case 2: //else if (id == g_iWallVarID)
if ((unsigned)index >= MAXWALLS)
{
iPlayer = index;
insptr++;
goto badwall;
}
return ((VM_AccessWallX(index, *insptr++) ^ -negateResult) + negateResult); return ((VM_AccessWallX(index, *insptr++) ^ -negateResult) + negateResult);
default: default:
goto wtf; goto wtf;
@ -667,6 +679,14 @@ badsprite:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer); OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer);
return -1; return -1;
badsector:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sector ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer);
return -1;
badwall:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid wall ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer);
return -1;
wtf: wtf:
OSD_Printf(CON_ERROR "Gv_GetVar(): WTF?\n",g_errorLineNum,keyw[g_tw]); OSD_Printf(CON_ERROR "Gv_GetVar(): WTF?\n",g_errorLineNum,keyw[g_tw]);
return -1; return -1;
@ -787,8 +807,20 @@ int32_t __fastcall Gv_GetVarX(register int32_t id)
return ((Gv_GetVar(*insptr++, index, vm.g_p) ^ -negateResult) + negateResult); return ((Gv_GetVar(*insptr++, index, vm.g_p) ^ -negateResult) + negateResult);
case 1: //else if (id == g_iSectorVarID) case 1: //else if (id == g_iSectorVarID)
if (index == vm.g_i) index = sprite[vm.g_i].sectnum; if (index == vm.g_i) index = sprite[vm.g_i].sectnum;
if ((unsigned)index >= MAXSECTORS)
{
id = index;
insptr++;
goto badsector;
}
return ((VM_AccessSectorX(index, *insptr++) ^ -negateResult) + negateResult); return ((VM_AccessSectorX(index, *insptr++) ^ -negateResult) + negateResult);
case 2: //else if (id == g_iWallVarID) case 2: //else if (id == g_iWallVarID)
if ((unsigned)index >= MAXWALLS)
{
id = index;
insptr++;
goto badwall;
}
return ((VM_AccessWallX(index, *insptr++) ^ -negateResult) + negateResult); return ((VM_AccessWallX(index, *insptr++) ^ -negateResult) + negateResult);
default: default:
goto wtf; goto wtf;
@ -823,19 +855,27 @@ int32_t __fastcall Gv_GetVarX(register int32_t id)
} }
badindex: badindex:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid array index (%s[%d])\n",g_errorLineNum,keyw[g_tw],aGameArrays[id].szLabel,(int32_t)negateResult); OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid array index (%s[%d])\n",g_errorLineNum,keyw[g_tw],aGameArrays[id].szLabel,(int32_t)negateResult);
return -1; return -1;
badvarid: badvarid:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid gamevar ID (%d)\n",g_errorLineNum,keyw[g_tw],id); OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid gamevar ID (%d)\n",g_errorLineNum,keyw[g_tw],id);
return -1; return -1;
badplayer: badplayer:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid player ID %d\n",g_errorLineNum,keyw[g_tw], id); OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid player ID %d\n",g_errorLineNum,keyw[g_tw], id);
return -1; return -1;
badsprite: badsprite:
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], id); OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], id);
return -1;
badsector:
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid sector ID %d\n",g_errorLineNum,keyw[g_tw], id);
return -1;
badwall:
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid wall ID %d\n",g_errorLineNum,keyw[g_tw], id);
return -1; return -1;
wtf: wtf: