ref: ffa290d23c4a9b90341306866eb53f5a1b3f19aa
parent: 55fb41791d467a8c6b1609770c9cc3348079b5cb
author: Simon Howard <fraggle@soulsphere.org>
date: Fri Jan 5 15:44:51 EST 2018
hexen: Validate strings during header parsing. Strings must be terminated with a NUL before the end of the lump is reached; if not they are invalid. Check that this really is the case.
--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -447,7 +447,7 @@
void P_LoadACScripts(int lump)
{
- int i;
+ int i, offset;
acsHeader_t *header;
acsInfo_t *info;
@@ -500,7 +500,10 @@
for (i=0; i<ACStringCount; ++i)
{
- ACStrings[i] = (char *) ActionCodeBase + ReadOffset();
+ offset = ReadOffset();
+ ACStrings[i] = (char *) ActionCodeBase + offset;
+ ACSAssert(memchr(ACStrings[i], '\0', ActionCodeSize - offset) != NULL,
+ "string %d missing terminating NUL", i);
}
memset(MapVars, 0, sizeof(MapVars));