From 932dca927b50c1628207c4710874133e35b3b524 Mon Sep 17 00:00:00 2001 From: Peter Nelson Date: Fri, 2 May 2025 08:02:35 +0100 Subject: [PATCH] Fix: Crash/Undefined behaviour in station view window. (#14183) No column limit was applied when drawing waiting cargo, which could cause out-of-bounds array access. --- src/station_gui.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/station_gui.cpp b/src/station_gui.cpp index 971443aff4..a09b5ba06c 100644 --- a/src/station_gui.cpp +++ b/src/station_gui.cpp @@ -1759,6 +1759,7 @@ struct StationViewWindow : public Window { */ StringID SearchNonStop(CargoDataEntry &cd, StationID station, int column) { + assert(column < NUM_COLUMNS); CargoDataEntry *parent = cd.GetParent(); for (int i = column - 1; i > 0; --i) { if (this->groupings[i] == GR_DESTINATION) { @@ -1771,7 +1772,7 @@ struct StationViewWindow : public Window { parent = parent->GetParent(); } - if (this->groupings[column + 1] == GR_DESTINATION) { + if (column < NUM_COLUMNS - 1 && this->groupings[column + 1] == GR_DESTINATION) { CargoDataSet::iterator begin = cd.Begin(); CargoDataSet::iterator end = cd.End(); if (begin != end && ++(cd.Begin()) == end && (*(begin))->GetStation() == station) { @@ -1796,6 +1797,7 @@ struct StationViewWindow : public Window { */ int DrawEntries(CargoDataEntry &entry, const Rect &r, int pos, int maxrows, int column, CargoType cargo = INVALID_CARGO) { + assert(column < NUM_COLUMNS); if (this->sortings[column] == CargoSortType::AsGrouping) { if (this->groupings[column] != GR_CARGO) { entry.Resort(CargoSortType::StationString, this->sort_orders[column]); @@ -1855,7 +1857,7 @@ struct StationViewWindow : public Window { this->SetDisplayedRow(cd); } --pos; - if (auto_distributed || column == 0) { + if ((auto_distributed || column == 0) && column < NUM_COLUMNS - 1) { pos = this->DrawEntries(cd, r, pos, maxrows, column + 1, cargo); } }