mirror of
https://github.com/ZDoom/Raze.git
synced 2025-01-18 14:41:55 +00:00
Do bound check for "quick" sector/wall accesses from CON, i.e. in getvarvar.
This was causing oob sector accesses with code like this: getwall[hitwall].nextsector temp ifvarvare sector[temp].floorz sector[temp].ceilingz setvar tempb 1 (from DT's HYPERCORE). Also validate quote indices passed to CON's quote and userquote commands at runtime. git-svn-id: https://svn.eduke32.com/eduke32@2381 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
668774c12e
commit
0175562e1f
2 changed files with 58 additions and 4 deletions
|
@ -4748,6 +4748,13 @@ nullquote:
|
|||
case CON_QUOTE:
|
||||
insptr++;
|
||||
|
||||
if ((unsigned)(*insptr) >= MAXQUOTES)
|
||||
{
|
||||
OSD_Printf(CON_ERROR "invalid quote ID %d\n",g_errorLineNum,keyw[g_tw],(int32_t)(*insptr));
|
||||
insptr++;
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((ScriptQuotes[*insptr] == NULL))
|
||||
{
|
||||
OSD_Printf(CON_ERROR "null quote %d\n",g_errorLineNum,keyw[g_tw],(int32_t)*insptr);
|
||||
|
@ -4770,6 +4777,13 @@ nullquote:
|
|||
{
|
||||
int32_t i=Gv_GetVarX(*insptr++);
|
||||
|
||||
if ((unsigned)i >= MAXQUOTES)
|
||||
{
|
||||
OSD_Printf(CON_ERROR "invalid quote ID %d\n",g_errorLineNum,keyw[g_tw],i);
|
||||
insptr++;
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((ScriptQuotes[i] == NULL))
|
||||
{
|
||||
OSD_Printf(CON_ERROR "null quote %d\n",g_errorLineNum,keyw[g_tw],i);
|
||||
|
|
|
@ -613,8 +613,20 @@ int32_t __fastcall Gv_GetVar(register int32_t id, register int32_t iActor, regis
|
|||
return ((Gv_GetVar(*insptr++, index, iPlayer) ^ -negateResult) + negateResult);
|
||||
case 1: //else if (id == g_iSectorVarID)
|
||||
if (index == vm.g_i) index = sprite[vm.g_i].sectnum;
|
||||
if ((unsigned)index >= MAXSECTORS)
|
||||
{
|
||||
iPlayer = index;
|
||||
insptr++;
|
||||
goto badsector;
|
||||
}
|
||||
return ((VM_AccessSectorX(index, *insptr++) ^ -negateResult) + negateResult);
|
||||
case 2: //else if (id == g_iWallVarID)
|
||||
if ((unsigned)index >= MAXWALLS)
|
||||
{
|
||||
iPlayer = index;
|
||||
insptr++;
|
||||
goto badwall;
|
||||
}
|
||||
return ((VM_AccessWallX(index, *insptr++) ^ -negateResult) + negateResult);
|
||||
default:
|
||||
goto wtf;
|
||||
|
@ -667,6 +679,14 @@ badsprite:
|
|||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer);
|
||||
return -1;
|
||||
|
||||
badsector:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sector ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer);
|
||||
return -1;
|
||||
|
||||
badwall:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid wall ID %d\n",g_errorLineNum,keyw[g_tw], iPlayer);
|
||||
return -1;
|
||||
|
||||
wtf:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): WTF?\n",g_errorLineNum,keyw[g_tw]);
|
||||
return -1;
|
||||
|
@ -787,8 +807,20 @@ int32_t __fastcall Gv_GetVarX(register int32_t id)
|
|||
return ((Gv_GetVar(*insptr++, index, vm.g_p) ^ -negateResult) + negateResult);
|
||||
case 1: //else if (id == g_iSectorVarID)
|
||||
if (index == vm.g_i) index = sprite[vm.g_i].sectnum;
|
||||
if ((unsigned)index >= MAXSECTORS)
|
||||
{
|
||||
id = index;
|
||||
insptr++;
|
||||
goto badsector;
|
||||
}
|
||||
return ((VM_AccessSectorX(index, *insptr++) ^ -negateResult) + negateResult);
|
||||
case 2: //else if (id == g_iWallVarID)
|
||||
if ((unsigned)index >= MAXWALLS)
|
||||
{
|
||||
id = index;
|
||||
insptr++;
|
||||
goto badwall;
|
||||
}
|
||||
return ((VM_AccessWallX(index, *insptr++) ^ -negateResult) + negateResult);
|
||||
default:
|
||||
goto wtf;
|
||||
|
@ -823,19 +855,27 @@ int32_t __fastcall Gv_GetVarX(register int32_t id)
|
|||
}
|
||||
|
||||
badindex:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid array index (%s[%d])\n",g_errorLineNum,keyw[g_tw],aGameArrays[id].szLabel,(int32_t)negateResult);
|
||||
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid array index (%s[%d])\n",g_errorLineNum,keyw[g_tw],aGameArrays[id].szLabel,(int32_t)negateResult);
|
||||
return -1;
|
||||
|
||||
badvarid:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid gamevar ID (%d)\n",g_errorLineNum,keyw[g_tw],id);
|
||||
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid gamevar ID (%d)\n",g_errorLineNum,keyw[g_tw],id);
|
||||
return -1;
|
||||
|
||||
badplayer:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid player ID %d\n",g_errorLineNum,keyw[g_tw], id);
|
||||
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid player ID %d\n",g_errorLineNum,keyw[g_tw], id);
|
||||
return -1;
|
||||
|
||||
badsprite:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVar(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], id);
|
||||
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid sprite ID %d\n",g_errorLineNum,keyw[g_tw], id);
|
||||
return -1;
|
||||
|
||||
badsector:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid sector ID %d\n",g_errorLineNum,keyw[g_tw], id);
|
||||
return -1;
|
||||
|
||||
badwall:
|
||||
OSD_Printf(CON_ERROR "Gv_GetVarX(): invalid wall ID %d\n",g_errorLineNum,keyw[g_tw], id);
|
||||
return -1;
|
||||
|
||||
wtf:
|
||||
|
|
Loading…
Reference in a new issue