]> git.xonotic.org Git - xonotic/darkplaces.git/commitdiff
projects / xonotic / darkplaces.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6ea8abe)
add bounds check on OP_ADDRESS
authordivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Mon, 24 Aug 2009 05:39:51 +0000 (05:39 +0000)
committerdivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Mon, 24 Aug 2009 05:39:51 +0000 (05:39 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@9140 d7cf8633-e32d-0410-b094-e92efae38249

prvm_execprogram.h patch | blob | history

diff --git a/prvm_execprogram.h b/prvm_execprogram.h
index 43d047458a5a5f705d3bd5974e1ebadfd7d9ec4d..97bf15d729d5838ca67b65f9fd82a0547be1f09b 100644 (file)
--- a/prvm_execprogram.h
+++ b/prvm_execprogram.h
@@ -182,6 +182,13 @@
 
                        case OP_ADDRESS:
 #if PRVMBOUNDSCHECK
+                               if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
+                               {
+                                       prog->xfunction->profile += (st - startst);
+                                       prog->xstatement = st - prog->statements;
+                                       PRVM_ERROR ("%s Progs attempted to address an out of bounds edict number", PRVM_NAME);
+                                       goto cleanup;
+                               }
                                if ((unsigned int)(OPB->_int) >= (unsigned int)(prog->progs->entityfields))
                                {
                                        prog->xfunction->profile += (st - startst);
@@ -207,7 +214,7 @@
                        case OP_LOAD_S:
                        case OP_LOAD_FNC:
 #if PRVMBOUNDSCHECK
-                               if (OPA->edict < 0 || OPA->edict >= prog->edictareasize)
+                               if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
                                {
                                        prog->xfunction->profile += (st - startst);
                                        prog->xstatement = st - prog->statements;
@@ -228,7 +235,7 @@
 
                        case OP_LOAD_V:
 #if PRVMBOUNDSCHECK
-                               if (OPA->edict < 0 || OPA->edict >= prog->edictareasize)
+                               if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
                                {
                                        prog->xfunction->profile += (st - startst);
                                        prog->xstatement = st - prog->statements;
@@ -553,7 +560,7 @@
                                break;
                        case OP_LOAD_I:
 #if PRBOUNDSCHECK
-                               if (OPA->edict < 0 || OPA->edict >= pr_edictareasize)
+                               if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
                                {
                                        prog->xfunction->profile += (st - startst);
                                        prog->xstatement = st - prog->statements;