ref: 48af05e08f0ebe20fab76b9f8ab54cab085630f8
parent: 1797341f9cefd83fb1ea2d01c8447023ed1a6e1c
author: Simon Howard <[email protected]>
date: Thu Jan 4 20:21:25 EST 2018
hexen: Add bounds checking for script variables. Scripts have a fixed number of variables and the limit should not be exceeded.
--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -874,6 +874,23 @@
ACScript->stackPtr--;
}
+static int ReadCodeImmediate(void)
+{
+ int result;
+ result = *PCodePtr;
+ ++PCodePtr;
+ return result;
+}
+
+static int ReadScriptVar(void)
+{
+ int var = ReadCodeImmediate();
+ ACSAssert(var >= 0, "negative script variable: %d < 0", var);
+ ACSAssert(var < MAX_ACS_SCRIPT_VARS,
+ "invalid script variable: %d >= %d", var, MAX_ACS_SCRIPT_VARS);
+ return var;
+}
+
//==========================================================================
//
// P-Code Commands
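Review bot: ReadCodeImmediate() returns `*PCodePtr` unconverted, whereas every call site this commit replaces read the operand through `LONG(*PCodePtr)`. If LONG() is the byte-order conversion for lump data, big-endian hosts would now see unswapped indices and the new range checks in ReadScriptVar() would reject valid scripts there. Unless the p-code is converted elsewhere before execution (not visible in this diff), keep the conversion in the helper: `result = LONG(*PCodePtr);`. The helper also advances PCodePtr with no visible check against the end of the script data. The callers index `ACScript->vars[]` with the returned value unconditionally, so the bound only holds if ACSAssert() does not return on failure; a short comment above ReadScriptVar() stating that would help.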
@@ -1147,8 +1164,7 @@
static int CmdAssignScriptVar(void)
{
- ACScript->vars[LONG(*PCodePtr)] = Pop();
- ++PCodePtr;
+ ACScript->vars[ReadScriptVar()] = Pop();
return SCRIPT_CONTINUE;
}
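Review bot: In `ACScript->vars[ReadScriptVar()] = Pop();` the index expression now has side effects (it advances PCodePtr and may fail an assertion), and C does not specify whether it runs before or after Pop(). The two calls appear to touch different state, so the result should be the same either way, but which check fires first on a malformed script depends on the compiler. Making the order explicit is cheap: `int var = ReadScriptVar();` followed by `ACScript->vars[var] = Pop();`. The same pattern recurs in the other CmdXxxScriptVar hunks below.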
@@ -1168,8 +1184,7 @@
static int CmdPushScriptVar(void)
{
- Push(ACScript->vars[LONG(*PCodePtr)]);
- ++PCodePtr;
+ Push(ACScript->vars[ReadScriptVar()]);
return SCRIPT_CONTINUE;
}
@@ -1189,8 +1204,7 @@
static int CmdAddScriptVar(void)
{
- ACScript->vars[LONG(*PCodePtr)] += Pop();
- ++PCodePtr;
+ ACScript->vars[ReadScriptVar()] += Pop();
return SCRIPT_CONTINUE;
}
@@ -1210,8 +1224,7 @@
static int CmdSubScriptVar(void)
{
- ACScript->vars[LONG(*PCodePtr)] -= Pop();
- ++PCodePtr;
+ ACScript->vars[ReadScriptVar()] -= Pop();
return SCRIPT_CONTINUE;
}
@@ -1231,8 +1244,7 @@
static int CmdMulScriptVar(void)
{
- ACScript->vars[LONG(*PCodePtr)] *= Pop();
- ++PCodePtr;
+ ACScript->vars[ReadScriptVar()] *= Pop();
return SCRIPT_CONTINUE;
}
@@ -1252,8 +1264,7 @@
static int CmdDivScriptVar(void)
{
- ACScript->vars[LONG(*PCodePtr)] /= Pop();
- ++PCodePtr;
+ ACScript->vars[ReadScriptVar()] /= Pop();
return SCRIPT_CONTINUE;
}
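Review bot: The divisor in `ACScript->vars[ReadScriptVar()] /= Pop();` comes straight from the script's stack and is not checked. A script that supplies 0 (or divides INT_MIN by -1) therefore still causes undefined behavior, typically a crash, even though the variable index is now validated. Since this commit hardens the interpreter against malformed scripts, consider popping into a local and asserting on it first: `int d = Pop();` then `ACSAssert(d != 0, "division by zero in script");` then `ACScript->vars[ReadScriptVar()] /= d;`. The same applies to the `%=` in CmdModScriptVar in the next hunk.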
@@ -1273,8 +1284,7 @@
static int CmdModScriptVar(void)
{
- ACScript->vars[LONG(*PCodePtr)] %= Pop();
- ++PCodePtr;
+ ACScript->vars[ReadScriptVar()] %= Pop();
return SCRIPT_CONTINUE;
}
@@ -1294,8 +1304,7 @@
static int CmdIncScriptVar(void)
{
- ++ACScript->vars[LONG(*PCodePtr)];
- ++PCodePtr;
+ ++ACScript->vars[ReadScriptVar()];
return SCRIPT_CONTINUE;
}
@@ -1315,8 +1324,7 @@
static int CmdDecScriptVar(void)
{
- --ACScript->vars[LONG(*PCodePtr)];
- ++PCodePtr;
+ --ACScript->vars[ReadScriptVar()];
return SCRIPT_CONTINUE;
}