(svn r27290) -Fix: sanitize the command line arguments before doing anything complex with them

2025-08-31 18:39:10 +00:00 · 2015-05-20 18:18:26 +00:00
parent d05ac99d52
commit 10466746b4
3 changed files with 9 additions and 2 deletions
--- a/src/os/os2/os2.cpp
+++ b/src/os/os2/os2.cpp
@@ -174,6 +174,9 @@ int CDECL main(int argc, char *argv[])
 {
 	SetRandomSeed(time(NULL));

+	/* Make sure our arguments contain only valid UTF-8 characters. */
+	for (int i = 0; i < argc; i++) ValidateString(argv[i]);
+
 	return openttd_main(argc, argv);
 }

--- a/src/os/unix/unix.cpp
+++ b/src/os/unix/unix.cpp
@@ -259,7 +259,8 @@ void cocoaReleaseAutoreleasePool();

 int CDECL main(int argc, char *argv[])
 {
-	int ret;
+	/* Make sure our arguments contain only valid UTF-8 characters. */
+	for (int i = 0; i < argc; i++) ValidateString(argv[i]);

 #ifdef WITH_COCOA
 	cocoaSetupAutoreleasePool();
@@ -275,7 +276,7 @@ int CDECL main(int argc, char *argv[])

 	signal(SIGPIPE, SIG_IGN);

-	ret = openttd_main(argc, argv);
+	int ret = openttd_main(argc, argv);

 #ifdef WITH_COCOA
 	cocoaReleaseAutoreleasePool();
--- a/src/os/windows/win32.cpp
+++ b/src/os/windows/win32.cpp
@@ -453,6 +453,9 @@ int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLi

 	argc = ParseCommandLine(cmdline, argv, lengthof(argv));

+	/* Make sure our arguments contain only valid UTF-8 characters. */
+	for (int i = 0; i < argc; i++) ValidateString(argv[i]);
+
 	openttd_main(argc, argv);
 	free(cmdline);
 	return 0;