shithub: choc

Download patch

ref: 29994d4dbd93a67cf8e39d72230c963e14974b42
parent: f4f2242c5534a64ab4c208479a6a722cf7f6a877
author: Simon Howard <[email protected]>
date: Fri Jan 5 15:28:53 EST 2018

hexen: Validate ACS instructions.

We do an array lookup based on the instruction we read, so it is
important that the instruction is within the bounds of the array. In
particular the instruction may an extension supported by an advanced
source port like ZDoom, that we don't support.

--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -717,6 +717,11 @@
     do
     {
         cmd = ReadCodeInt();
+        ACSAssert(cmd >= 0, "negative ACS instruction %d", cmd);
+        ACSAssert(cmd < arrlen(PCodeCmds),
+                  "invalid ACS instruction %d (maybe this WAD is designed "
+                  "for an advanced source port and is not vanilla "
+                  "compatible)", cmd);
         action = PCodeCmds[cmd]();
     } while (action == SCRIPT_CONTINUE);