From 1146904d457bac0d5beaaf9bcc7f2c4b56ee1bf8 Mon Sep 17 00:00:00 2001 From: Rubidium Date: Tue, 13 Jun 2023 19:30:03 +0200 Subject: [PATCH] Fix: when a string consumes more parameters than allowed, nullptr is attempted to be formatted --- src/strings.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/strings.cpp b/src/strings.cpp index 4c358fa78d..5b059eefaf 100644 --- a/src/strings.cpp +++ b/src/strings.cpp @@ -1074,7 +1074,9 @@ static void FormatString(StringBuilder &builder, const char *str_arg, StringPara case SCC_RAW_STRING_POINTER: { // {RAW_STRING} const char *raw_string = (const char *)(size_t)args->GetInt64(SCC_RAW_STRING_POINTER); - if (game_script && std::find(_game_script_raw_strings.begin(), _game_script_raw_strings.end(), raw_string) == _game_script_raw_strings.end()) { + /* raw_string can be(come) nullptr when the parameter is out of range and 0 is returned instead. */ + if (raw_string == nullptr || + (game_script && std::find(_game_script_raw_strings.begin(), _game_script_raw_strings.end(), raw_string) == _game_script_raw_strings.end())) { builder += "(invalid RAW_STRING parameter)"; break; }