author | Haru <haru@dotalux.com> | 2013-08-26 19:14:26 +0200 |
---|---|---|
committer | Haru <haru@dotalux.com> | 2013-08-26 20:46:44 +0200 |
commit | 835188124a6e590b406d81803b8d47f07884a9ea (patch) | |
tree | 271b52ae3aa595d83f2f031f761983bd4d629a6f /src/map | |
parent | cccc5bc9256b196b1f4e9ad881838ad32c8b3424 (diff) | |
Added an integer overflow check on literal values in the script parser
- When attempting to use a value greater than INT_MAX or smaller than
INT_MIN (about +/- 2 billion), an error message will be shown and
script execution will be aborted.
- Corrected some scripts that were attempting to use such values.
- Fixed some possible issues when using literal negative values in
scripts.
Thanks to Ind for his help on this issue (figuring it out and fixing it)
Signed-off-by: Haru <haru@dotalux.com>
Diffstat (limited to 'src/map')
-rw-r--r-- | src/map/script.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/map/script.c b/src/map/script.c index bad40b948..754cf6dd5 100644 --- a/src/map/script.c +++ b/src/map/script.c @@ -1006,7 +1006,7 @@ const char* parse_variable(const char* p) { *------------------------------------------*/ const char* parse_simpleexpr(const char *p) { - int i; + long long i; p=script->skip_space(p); if(*p==';' || *p==',') @@ -1031,7 +1031,14 @@ const char* parse_simpleexpr(const char *p) } else if(ISDIGIT(*p) || ((*p=='-' || *p=='+') && ISDIGIT(p[1]))){ char *np; while(*p == '0' && ISDIGIT(p[1])) p++; - i=strtoul(p,&np,0); + i=strtoll(p,&np,0); + if( i < INT_MIN ) { + i = INT_MIN; + disp_error_message("parse_simpleexpr: underflow detected, capping value to INT_MIN",p); + } else if( i > INT_MAX ) { + i = INT_MAX; + disp_error_message("parse_simpleexpr: overflow detected, capping value to INT_MAX",p); + } add_scripti(i); p=np; } else if(*p=='"'){ |
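Review bot: In the first hunk (@@ -1006,7), changing the function-scope declaration to `long long i;` widens `i` for every use in parse_simpleexpr, while the only visible use that needs the wider type is the `strtoll` call in the numeric-literal branch. Consider declaring a `long long` local inside that branch instead, and make the narrowing explicit when the clamped value is handed on, for example `add_scripti((int)i);` (assuming add_scripti takes an int, which the visible lines do not show), so conversion warnings stay quiet and the intent is clear to the next reader.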
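Review bot: In the second hunk (@@ -1031,7), the range check after `i=strtoll(p,&np,0);` caps `i` to INT_MIN or INT_MAX and both messages say "capping value", but the commit message says script execution will be aborted. If disp_error_message does not return, the `i = INT_MIN;` and `i = INT_MAX;` assignments have no effect and the message text should say the literal is rejected; if it does return, parsing continues with a different value than the script author wrote, and the commit message should say so. A short comment above the check stating which of the two applies would settle it. Separately, the context line `while(*p == '0' && ISDIGIT(p[1])) p++;` does not run when the literal starts with '-' or '+', so with base 0 a signed literal such as -010 is still read as octal while 010 is read as decimal; stepping past the sign before the zero skip would make signed and unsigned literals behave the same.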