shithub: choc

Download patch

ref: 005a79c6528d7b98c37f24e548e805f6435f0e36
parent: 48af05e08f0ebe20fab76b9f8ab54cab085630f8
author: Simon Howard <fraggle@soulsphere.org>
date: Thu Jan 4 20:24:29 EST 2018 

hexen: Add bounds checking for map variables.

There is a fixed number of map variables and the limit should not
be exceeded.


--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -891,6 +891,15 @@
     return var;
 }
 
+static int ReadMapVar(void)
+{
+    int var = ReadCodeImmediate();
+    ACSAssert(var >= 0, "negative map variable: %d < 0", var);
+    ACSAssert(var < MAX_ACS_MAP_VARS,
+              "invalid map variable: %d >= %d", var, MAX_ACS_MAP_VARS);
+    return var;
+}
+
 //==========================================================================
 //
 // P-Code Commands
@@ -1170,8 +1179,7 @@
 
 static int CmdAssignMapVar(void)
 {
-    MapVars[LONG(*PCodePtr)] = Pop();
-    ++PCodePtr;
+    MapVars[ReadMapVar()] = Pop();
     return SCRIPT_CONTINUE;
 }
 
@@ -1190,8 +1198,7 @@
 
 static int CmdPushMapVar(void)
 {
-    Push(MapVars[LONG(*PCodePtr)]);
-    ++PCodePtr;
+    Push(MapVars[ReadMapVar()]);
     return SCRIPT_CONTINUE;
 }
 
@@ -1210,8 +1217,7 @@
 
 static int CmdAddMapVar(void)
 {
-    MapVars[LONG(*PCodePtr)] += Pop();
-    ++PCodePtr;
+    MapVars[ReadMapVar()] += Pop();
     return SCRIPT_CONTINUE;
 }
 
@@ -1230,8 +1236,7 @@
 
 static int CmdSubMapVar(void)
 {
-    MapVars[LONG(*PCodePtr)] -= Pop();
-    ++PCodePtr;
+    MapVars[ReadMapVar()] -= Pop();
     return SCRIPT_CONTINUE;
 }
 
@@ -1250,8 +1255,7 @@
 
 static int CmdMulMapVar(void)
 {
-    MapVars[LONG(*PCodePtr)] *= Pop();
-    ++PCodePtr;
+    MapVars[ReadMapVar()] *= Pop();
     return SCRIPT_CONTINUE;
 }
 
@@ -1270,8 +1274,7 @@
 
 static int CmdDivMapVar(void)
 {
-    MapVars[LONG(*PCodePtr)] /= Pop();
-    ++PCodePtr;
+    MapVars[ReadMapVar()] /= Pop();
     return SCRIPT_CONTINUE;
 }
 
@@ -1290,8 +1293,7 @@
 
 static int CmdModMapVar(void)
 {
-    MapVars[LONG(*PCodePtr)] %= Pop();
-    ++PCodePtr;
+    MapVars[ReadMapVar()] %= Pop();
     return SCRIPT_CONTINUE;
 }
 
@@ -1310,8 +1312,7 @@
 
 static int CmdIncMapVar(void)
 {
-    ++MapVars[LONG(*PCodePtr)];
-    ++PCodePtr;
+    ++MapVars[ReadMapVar()];
     return SCRIPT_CONTINUE;
 }
 
@@ -1330,8 +1331,7 @@
 
 static int CmdDecMapVar(void)
 {
-    --MapVars[LONG(*PCodePtr)];
-    ++PCodePtr;
+    --MapVars[ReadMapVar()];
     return SCRIPT_CONTINUE;
 }