zdoom/raze-gles
0
0
Fork 0
mirror of https://github.com/ZDoom/raze-gles.git synced 2025-02-05 05:10:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

CON qsprintf: fix specifying more than one "%s" conversion.

Browse source 
Also, slightly better, though still inadequate checking.

git-svn-id: https://svn.eduke32.com/eduke32@3506 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
helixhorned 2013-02-18 16:07:56 +00:00
parent 5dfb4dc48b
commit 740c8d021b
1 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
polymer/eduke32/source/gameexec.c
View file

@ -3491,12 +3491,13 @@ nullquote:
} }
{ {
int32_t arg[32], i = 0, j = 0, k = 0; int32_t arg[32], i = 0, j = 0, k = 0, numargs;
int32_t len = Bstrlen(ScriptQuotes[sq]); int32_t len = Bstrlen(ScriptQuotes[sq]);
char tempbuf[MAXQUOTELEN]; char tempbuf[MAXQUOTELEN];
while ((*insptr & 0xFFF) != CON_NULLOP && i < 32) while ((*insptr & 0xFFF) != CON_NULLOP && i < 32)
arg[i++] = Gv_GetVarX(*insptr++); arg[i++] = Gv_GetVarX(*insptr++);
numargs = i;
insptr++; // skip the NOP insptr++; // skip the NOP
@ -3524,8 +3525,10 @@ nullquote:
case 'd': case 'd':
{ {
char buf[16]; char buf[16];
int32_t ii = 0; int32_t ii;
if (i >= numargs)
goto finish_qsprintf;
Bsprintf(buf, "%d", arg[i++]); Bsprintf(buf, "%d", arg[i++]);
ii = Bstrlen(buf); ii = Bstrlen(buf);
@ -3537,10 +3540,15 @@ nullquote:
case 's': case 's':
{ {
int32_t ii = Bstrlen(ScriptQuotes[arg[i]]); int32_t ii;
if (i >= numargs)
goto finish_qsprintf;
ii = Bstrlen(ScriptQuotes[arg[i]]);
Bmemcpy(&tempbuf[j], ScriptQuotes[arg[i]], ii); Bmemcpy(&tempbuf[j], ScriptQuotes[arg[i]], ii);
j += ii; j += ii;
i++;
k++; k++;
} }
break; break;
@ -3552,9 +3560,9 @@ nullquote:
} }
} }
while (k < len && j < MAXQUOTELEN); while (k < len && j < MAXQUOTELEN);
finish_qsprintf:
tempbuf[j] = '\0'; tempbuf[j] = '\0';
Bstrcpy(ScriptQuotes[dq], tempbuf); Bstrncpyz(ScriptQuotes[dq], tempbuf, MAXQUOTELEN);
continue; continue;
} }
} }