zdoom/raze
0
0
Fork 0
mirror of https://github.com/ZDoom/Raze.git synced 2024-11-24 13:01:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Duke: add range checks for accessing the moves array

Browse source 
CON can easily produce bad indices due to sloppy design.
In ZScript always throw an exception if such an index is out of bounds.
This commit is contained in:
Christoph Oelckers 2024-10-09 14:07:02 +02:00
parent 48d4545067
commit 1dedb4319a
3 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
source/games/duke/src/gameexec.cpp
View file

@ -1528,7 +1528,7 @@ int ParseState::parse(void)
auto ai = &ais[*insptr];
g_ac->curAI = ai->name;
g_ac->curAction = &actions[ai->action];
g_ac->curMove = &moves[ai->move];
g_ac->curMove = &moves[ai->move >= 0 && ai->move < moves.Size()? ai->move : 0];
g_ac->spr.hitag = ai->moveflags;
g_ac->actioncounter = g_ac->curframe = 0;
g_ac->counter = 0;
@ -1874,7 +1874,7 @@ int ParseState::parse(void)
case concmd_move:
g_ac->counter=0;
insptr++;
g_ac->curMove = &moves[*insptr];
g_ac->curMove = &moves[*insptr >= 0 && *insptr < moves.Size() ? *insptr : 0];
insptr++;
g_ac->spr.hitag = *insptr;
insptr++;

4
source/games/duke/src/spawn.cpp
View file

@ -88,7 +88,7 @@ static void initanimations(DDukeActor* act)
act->actioncounter = act->curframe = 0;
ndx = LookupMove(act->GetClass(), ainf->DefaultMove);
act->curMove = &moves[ndx];
act->curMove = &moves[ndx >= 0 && ndx < moves.Size() ? ndx : 0];
if (ainf->DefaultMoveflags && act->spr.hitag == 0)
act->spr.hitag = ainf->DefaultMoveflags;
}
@ -96,7 +96,7 @@ static void initanimations(DDukeActor* act)
{
auto sa = &ScriptCode[coninf->scriptaddress];
act->curAction = &actions[sa[1]];
act->curMove = &moves[sa[2]];
act->curMove = &moves[sa[2] >= 0 && sa[2] < moves.Size() ? sa[2] : 0];
int s3 = sa[3];
if (s3 && act->spr.hitag == 0)
act->spr.hitag = s3;

5
source/games/duke/src/vmexports.cpp
View file

@ -733,6 +733,7 @@ DEFINE_ACTION_FUNCTION_NATIVE(DDukeActor, aim, aim_)
void Duke_SetAction(DDukeActor* self, int intname)
{
int ndx = LookupAction(self->GetClass(), FName(ENamedName(intname)));
if (ndx < 0 || ndx >= actions.SSize()) ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Bad 'action' index");
self->curAction = &actions[ndx];
self->actioncounter = self->curframe = 0;
@ -749,6 +750,7 @@ DEFINE_ACTION_FUNCTION_NATIVE(DDukeActor, SetAction, Duke_SetAction)
void Duke_SetMove(DDukeActor* self, int intname, int flags)
{
int ndx = LookupMove(self->GetClass(), FName(ENamedName(intname)));
if (ndx < 0 || ndx >= moves.SSize()) ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Bad 'move' index");
self->curMove = &moves[ndx];
self->spr.hitag = flags;
self->counter = 0;
@ -766,10 +768,13 @@ DEFINE_ACTION_FUNCTION_NATIVE(DDukeActor, SetMove, Duke_SetMove)
void Duke_SetAI(DDukeActor* self, int intname)
{
int ndx = LookupAI(self->GetClass(), FName(ENamedName(intname)));
if (ndx < 0 || ndx >= ais.SSize()) ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Bad 'ai' index");
auto ai = &ais[ndx];
assert(!(ai->move & 0x80000000));
assert(!(ai->action & 0x80000000));
if (ai->move < 0 || ai->move >= moves.SSize()) ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Bad 'move' index");
self->curMove = &moves[ai->move];
if (ai->action < 0 || ai->action >= actions.SSize()) ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Bad 'action' index");
self->curAction = &actions[ai->action];
self->spr.hitag = ai->moveflags;
self->curAI = ai->name;