ref: 29994d4dbd93a67cf8e39d72230c963e14974b42
parent: f4f2242c5534a64ab4c208479a6a722cf7f6a877
author: Simon Howard <fraggle@soulsphere.org>
date: Fri Jan 5 15:28:53 EST 2018
hexen: Validate ACS instructions. We do an array lookup based on the instruction we read, so it is important that the instruction is within the bounds of the array. In particular the instruction may an extension supported by an advanced source port like ZDoom, that we don't support.
--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -717,6 +717,11 @@
do
{cmd = ReadCodeInt();
+ ACSAssert(cmd >= 0, "negative ACS instruction %d", cmd);
+ ACSAssert(cmd < arrlen(PCodeCmds),
+ "invalid ACS instruction %d (maybe this WAD is designed "
+ "for an advanced source port and is not vanilla "
+ "compatible)", cmd);
action = PCodeCmds[cmd]();
} while (action == SCRIPT_CONTINUE);