authorHaru <haru@dotalux.com>2013-08-26 19:14:26 +0200
committerHaru <haru@dotalux.com>2013-08-26 20:46:44 +0200
commit835188124a6e590b406d81803b8d47f07884a9ea (patch)
tree271b52ae3aa595d83f2f031f761983bd4d629a6f /src
parentcccc5bc9256b196b1f4e9ad881838ad32c8b3424 (diff)
Added an integer overflow check on literal values in the script parser
- When attempting to use a value greater than INT_MAX or smaller than INT_MIN (about +/- 2 billion), an error message will be shown and script execution will be aborted. - Corrected some scripts that were attempting to use such values. - Fixed some possible issues when using literal negative values in scripts. Thanks to Ind for his help on this issue (figuring it out and fixing it). Signed-off-by: Haru <haru@dotalux.com>
Diffstat (limited to 'src')
-rw-r--r--src/map/script.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/map/script.c b/src/map/script.c
index bad40b948..754cf6dd5 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -1006,7 +1006,7 @@ const char* parse_variable(const char* p) {
*------------------------------------------*/
const char* parse_simpleexpr(const char *p)
{
- int i;
+ long long i;
p=script->skip_space(p);
if(*p==';' || *p==',')
@@ -1031,7 +1031,14 @@ const char* parse_simpleexpr(const char *p)
} else if(ISDIGIT(*p) || ((*p=='-' || *p=='+') && ISDIGIT(p[1]))){
char *np;
while(*p == '0' && ISDIGIT(p[1])) p++;
- i=strtoul(p,&np,0);
+ i=strtoll(p,&np,0);
+ if( i < INT_MIN ) {
+ i = INT_MIN;
+ disp_error_message("parse_simpleexpr: underflow detected, capping value to INT_MIN",p);
+ } else if( i > INT_MAX ) {
+ i = INT_MAX;
+ disp_error_message("parse_simpleexpr: overflow detected, capping value to INT_MAX",p);
+ }
add_scripti(i);
p=np;
} else if(*p=='"'){
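Review bot: The two messages added in the numeric-literal branch say the value is capped to INT_MIN/INT_MAX, while the commit description says script execution is aborted, so the code and the record disagree about what a script author will see. If disp_error_message does not return (its definition is outside this diff, so this is an assumption), the `i = INT_MIN;` and `i = INT_MAX;` assignments are dead and the text would be clearer as `"parse_simpleexpr: literal value is outside the int range"`. If it does return, the script continues with a silently altered constant and that should be stated in a comment. A comment above the range test such as `/* strtoll saturates at LLONG_MIN/LLONG_MAX on ERANGE; both fall outside int and are rejected below, so errno is not checked */` would record why the result of strtoll is trusted. The body of parse_simpleexpr starts and ends outside this hunk, so any other use of the now-widened `i` could not be checked from here.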