From 4f7dc6b0f2d3ddaa7b8cef5711bf420044c6b733 Mon Sep 17 00:00:00 2001
From: peter1138
Date: Sun, 10 Dec 2006 21:39:38 +0000
Subject: [PATCH] (svn r7475) -Fix (r7348): sanity check NewGRF action 8 strings for null terminator
---
 newgrf.c | 23 +++++++++++++++++++----
 string.h | 10 ++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/newgrf.c b/newgrf.c
index 2f162f8265..db28e6ee59 100644
--- a/newgrf.c
+++ b/newgrf.c
@@ -2466,6 +2466,7 @@ static void SkipIf(byte *buf, int len)
 }
 }
+
 /* Action 0x08 (GLS_FILESCAN) */
 static void ScanInfo(byte *buf, int len)
 {
@@ -2473,16 +2474,30 @@ static void ScanInfo(byte *buf, int len)
 uint32 grfid;
 const char *name;
 const char *info;
+ int name_len;
+ int info_len;
 check_length(len, 8, "Info");
 buf++;
 version = grf_load_byte(&buf);
 grfid = grf_load_dword(&buf);
- name = (const char*)buf;
- info = name + strlen(name) + 1;
 _cur_grfconfig->grfid = grfid;
- _cur_grfconfig->name = TranslateTTDPatchCodes(name);
- _cur_grfconfig->info = TranslateTTDPatchCodes(info);
+
+ len -= 6;
+ name = (const char*)buf;
+ name_len = ttd_strnlen(name, len);
+
+ if (name_len < len) {
+ _cur_grfconfig->name = TranslateTTDPatchCodes(name);
+
+ len -= name_len + 1;
+ info = name + name_len + 1;
+ info_len = ttd_strnlen(info, len);
+
+ if (info_len < len) {
+ _cur_grfconfig->info = TranslateTTDPatchCodes(info);
+ }
+ }
 _skip_sprites = -1;
 }
diff --git a/string.h b/string.h
index d5f637719e..2dbc06eee0 100644
--- a/string.h
+++ b/string.h
@@ -46,6 +46,16 @@ typedef enum CharSetFilter {
 /** Convert the given string to lowercase, only works with ASCII! */
 void strtolower(char *str);
+
+/** Get the length of a string, within a limited buffer */
+static inline int ttd_strnlen(const char *str, int maxlen)
+{
+ const char *t;
+ for (t = str; *t != '\0' && t - str < maxlen; t++);
+ return t - str;
+}
+
+
 typedef uint32 WChar;
 /**
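Review bot: In ScanInfo, when `name_len < len` or `info_len < len` is false the function falls through silently, so `_cur_grfconfig->name` and/or `_cur_grfconfig->info` keep whatever value they held before and nothing records that the action 8 data was malformed. Whether later users of `_cur_grfconfig` tolerate an unset name or info is not visible in this hunk, so I would document the contract at the outer `if`, for example `/* Unterminated name/info: fields are left unset, users of _cur_grfconfig must handle that */`, and consider reporting the bad sprite there. `len -= 6;` also depends on check_length, which is not shown here, having rejected anything shorter than 8 bytes; a short comment saying which six bytes were consumed would make that dependency explicit. The function's opening lines lie outside this hunk.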
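Review bot: `ttd_strnlen` evaluates `*t != '\0'` before `t - str < maxlen`, so when no terminator lies within `maxlen` bytes (including `maxlen == 0`) it reads `str[maxlen]`, one byte past the limit the caller supplied. In the ScanInfo use in newgrf.c that is a read just beyond the sprite data, for instance when the name's terminator is the final byte and `ttd_strnlen(info, 0)` is called, which is the situation this helper is meant to guard. Test the bound first: `for (t = str; t - str < maxlen && *t != '\0'; t++);`. `return t - str;` also narrows a pointer difference to `int` implicitly; an explicit `(int)` cast would make that intentional.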