From 835188124a6e590b406d81803b8d47f07884a9ea Mon Sep 17 00:00:00 2001
From: Haru
Date: Mon, 26 Aug 2013 19:14:26 +0200
Subject: Added an integer overflow check on literal values in the script parser
- When attempting to use a value greater than INT_MAX or smaller than INT_MIN (about +/- 2 billions), an error message will be shown and script execution will be aborted.
- Corrected some scripts that were attempting to use such values.
- Fixed some possible issues when using literal negative values in scripts.
Thanks to Ind for his help on this issue (figuring it out and fixing it)
Signed-off-by: Haru
---
 src/map/script.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'src/map/script.c')
diff --git a/src/map/script.c b/src/map/script.c
index bad40b948..754cf6dd5 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -1006,7 +1006,7 @@ const char* parse_variable(const char* p) {
 *------------------------------------------*/
 const char* parse_simpleexpr(const char *p)
 {
- int i;
+ long long i;
 p=script->skip_space(p);
 if(*p==';' || *p==',')
@@ -1031,7 +1031,14 @@ const char* parse_simpleexpr(const char *p)
 } else if(ISDIGIT(*p) || ((*p=='-' || *p=='+') && ISDIGIT(p[1]))){
 char *np;
 while(*p == '0' && ISDIGIT(p[1])) p++;
- i=strtoul(p,&np,0);
+ i=strtoll(p,&np,0);
+ if( i < INT_MIN ) {
+ i = INT_MIN;
+ disp_error_message("parse_simpleexpr: underflow detected, capping value to INT_MIN",p);
+ } else if( i > INT_MAX ) {
+ i = INT_MAX;
+ disp_error_message("parse_simpleexpr: overflow detected, capping value to INT_MAX",p);
+ }
 add_scripti(i);
 p=np;
 } else if(*p=='"'){
-- cgit v1.2.3-70-g09d2
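Review bot: The error strings in the second hunk say the value is capped to INT_MIN/INT_MAX, while the commit description says script execution is aborted. `disp_error_message` is defined outside the hunk, so if it does not return, the `i = INT_MIN;` and `i = INT_MAX;` assignments are dead and the text should say the literal is rejected, e.g. `"parse_simpleexpr: overflow detected, literal exceeds INT_MAX"`. Because the call keeps base 0, hexadecimal literals with the top bit set (such as `0x80000000`), which the old `strtoul` stored into an `int` silently wrapped to a negative value, now take the overflow branch; a comment such as `/* base 0: 0x literals above INT_MAX are rejected, not wrapped */` would document that for script authors. Writing the narrowing explicitly as `add_scripti((int)i);` after the clamp would also make clear that the conversion is intentional. The body of parse_simpleexpr starts and ends outside both hunks.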