From f5db6b09fb461d7bb60ff443d603bb10820d5f14 Mon Sep 17 00:00:00 2001 From: Ben Longbons Date: Sun, 9 Nov 2014 19:55:56 -0800 Subject: Fix OOB on 128-element commands --- src/map/script-parse.cpp | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/map/script-parse.cpp b/src/map/script-parse.cpp index 6fb94de..878397f 100644 --- a/src/map/script-parse.cpp +++ b/src/map/script-parse.cpp @@ -24,6 +24,7 @@ #include +#include "../generic/array.hpp" #include "../generic/db.hpp" #include "../generic/intern-pool.hpp" @@ -505,7 +506,7 @@ ZString::iterator ScriptBuffer::parse_subexpr(ZString::iterator p, int limit) { int i = 0; P funcp = TRY_UNWRAP(parse_cmdp, abort()); - ZString::iterator plist[128]; + Array plist; if (funcp->type != StringCode::FUNC) { @@ -529,6 +530,11 @@ ZString::iterator ScriptBuffer::parse_subexpr(ZString::iterator p, int limit) p = skip_space(p); i++; } + if (i == 128) + { + disp_error_message("PANIC: unrecoverable error in function argument list"_s, p); + abort(); + } plist[i] = p; if (*p != ')') { @@ -595,7 +601,7 @@ ZString::iterator ScriptBuffer::parse_expr(ZString::iterator p) ZString::iterator ScriptBuffer::parse_line(ZString::iterator p, bool *can_step) { int i = 0; - ZString::iterator plist[128]; + Array plist; p = skip_space(p); if (*p == ';') @@ -652,6 +658,11 @@ ZString::iterator ScriptBuffer::parse_line(ZString::iterator p, bool *can_step) p = skip_space(p); i++; } + if (i == 128) + { + disp_error_message("PANIC: unknown error in command argument list"_s, p); + abort(); + } plist[i] = p; if (*(p++) != ';') { -- cgit v1.2.3-60-g2f50
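Review bot: The guard `if (i == 128)` added before `plist[i] = p;` in parse_subexpr protects that write only while the argument loop above it stops at exactly 128, and the loop's condition lies outside this hunk. Writing it as `if (i >= 128)` would still hold if that loop bound is changed later. The literal 128 is also repeated here rather than derived from plist's declared capacity, so one named constant used for both the declaration and the guard would stop them drifting apart. The message does not tell a script author what went wrong; I would state the cause, e.g. `disp_error_message("too many arguments in function call"_s, p);`. The same points apply to the guard added in parse_line, and both functions continue beyond the lines shown.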