From c039882dcc8b0a99c17d5eea47e2b0e5d91e49c0 Mon Sep 17 00:00:00 2001
From: Christoph Oelckers
Date: Sun, 5 Nov 2023 14:42:41 +0100
Subject: [PATCH] Exhumed: Always perform a range check on a sequence's length. Too many of these are not correct and prone to overflows so ignoring this is not good.
---
 source/games/exhumed/src/sequence.cpp | 8 ++++++--
 source/games/exhumed/src/sequence.h | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/source/games/exhumed/src/sequence.cpp b/source/games/exhumed/src/sequence.cpp
index cda6be7e1..35758f56a 100644
--- a/source/games/exhumed/src/sequence.cpp
+++ b/source/games/exhumed/src/sequence.cpp
@@ -450,7 +450,7 @@ void seq_PlotArrowSequence(const int nSprite, const FName seqFile, const int16_t
 //
 //---------------------------------------------------------------------------
-void seq_PlotSequence(const int nSprite, const FName seqFile, const int16_t seqIndex, const int16_t frameIndex, const int16_t nFlags)
+void seq_PlotSequence(const int nSprite, const FName seqFile, const int seqIndex, int frameIndex, const int nFlags)
 {
 tspritetype* pTSprite = mytspriteArray->get(nSprite);
 const auto pPlayer = getPlayer(nLocalPlayer);
@@ -464,7 +464,11 @@ void seq_PlotSequence(const int nSprite, const FName seqFile, const int16_t seqI
 }
 const auto fileSeqs = getFileSeqs(seqFile);
- const auto& seqFrame = fileSeqs->Data(seqIndex + seqOffset)->frames[frameIndex];
+ if (seqIndex + seqOffset > fileSeqs->SSize()) return;
+ const auto& sequence = fileSeqs->Data(seqIndex + seqOffset);
+ if (sequence->frames.SSize() <= frameIndex) frameIndex = sequence->frames.SSize() - 1;
+
+ const auto& seqFrame = sequence->frames[frameIndex];
 const auto chunkCount = seqFrame.chunks.Size();
 const auto nShade = pTSprite->shade - (100 * !!(fileSeqs->Data(seqIndex)->frames[frameIndex].flags & 4));
diff --git a/source/games/exhumed/src/sequence.h b/source/games/exhumed/src/sequence.h
index f4d815b52..146c04e16 100644
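Review bot: In the second sequence.cpp hunk (seq_PlotSequence) the new guard `if (seqIndex + seqOffset > fileSeqs->SSize()) return;` still accepts an index equal to the size, and neither it nor the frame clamp rejects negative values. An out-of-bounds read therefore remains possible, assuming `Data()` and `frames[]` are unchecked zero-based accessors (their definitions are not visible here). An empty `frames` array also makes the clamp set `frameIndex` to -1. The unchanged `nShade` line in the same hunk still reads `fileSeqs->Data(seqIndex)->frames[frameIndex]` without the offset, so the clamped frame index is applied to a sequence whose frame count was never checked; that lookup needs its own bound, or `seqFrame.flags` if the flag is meant to come from the plotted frame. The function body starts and ends outside the hunk; a possible tightening of the guard is below.

```cpp
    const auto fileSeqs = getFileSeqs(seqFile);
    const int seqNum = seqIndex + seqOffset;
    if (seqNum < 0 || seqNum >= fileSeqs->SSize()) return;
    const auto& sequence = fileSeqs->Data(seqNum);
    const int frameCount = sequence->frames.SSize();
    if (frameCount <= 0) return;
    // Out-of-range frame indices are clamped to the valid range rather than rejected.
    if (frameIndex < 0) frameIndex = 0;
    else if (frameIndex >= frameCount) frameIndex = frameCount - 1;
    // … unchanged: seqFrame / chunkCount lookup …
```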
--- a/source/games/exhumed/src/sequence.h
+++ b/source/games/exhumed/src/sequence.h
@@ -80,7 +80,7 @@ extern int16_t nPilotLightCount;
 void seq_LoadSequences();
 void seq_DrawGunSequence(const SeqFrame& seqFrame, double xPos, double yPos, int nShade, int nPal, DAngle nAngle, double nAlpha, int nStat = 0);
-void seq_PlotSequence(const int nSprite, const FName seqFile, const int16_t seqIndex, const int16_t frameIndex, const int16_t nFlags);
+void seq_PlotSequence(const int nSprite, const FName seqFile, const int seqIndex, int frameIndex, const int nFlags);
 void seq_PlotArrowSequence(const int nSprite, const FName seqFile, const int16_t seqIndex, const int frameIndex);
 void seq_DrawPilotLightSeq(double xPos, double yPos, double nAngle);