mirror
/
OpenTTD
mirror of https://github.com/OpenTTD/OpenTTD
1
0
Fork 0
Code Issues

(svn r19569) -Fix: possible buffer underflow in newgrf string code

release/1.1
yexo 2010-04-06 21:16:36 +00:00
parent 8da54d59ea
commit faf5e19aae
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/newgrf_text.cpp
View File

@ -636,7 +636,7 @@ void RewindTextRefStack()
* @param argv the OpenTTD stack of values * @param argv the OpenTTD stack of values
* @return the string control code to "execute" now * @return the string control code to "execute" now
*/ */
uint RemapNewGRFStringControlCode(uint scc, char **buff, const char **str, int64 *argv) uint RemapNewGRFStringControlCode(uint scc, char *buf_start, char **buff, const char **str, int64 *argv)
{ {
if (_newgrf_textrefstack->used) { if (_newgrf_textrefstack->used) {
switch (scc) { switch (scc) {
@ -663,7 +663,7 @@ uint RemapNewGRFStringControlCode(uint scc, char **buff, const char **str, int64
case SCC_NEWGRF_ROTATE_TOP_4_WORDS: _newgrf_textrefstack->RotateTop4Words(); break; case SCC_NEWGRF_ROTATE_TOP_4_WORDS: _newgrf_textrefstack->RotateTop4Words(); break;
case SCC_NEWGRF_PUSH_WORD: _newgrf_textrefstack->PushWord(Utf8Consume(str)); break; case SCC_NEWGRF_PUSH_WORD: _newgrf_textrefstack->PushWord(Utf8Consume(str)); break;
case SCC_NEWGRF_UNPRINT: *buff -= Utf8Consume(str); break; case SCC_NEWGRF_UNPRINT: *buff = max(*buff - Utf8Consume(str), buf_start); break;
case SCC_NEWGRF_PRINT_STRING_ID: case SCC_NEWGRF_PRINT_STRING_ID:
*argv = TTDPStringIDToOTTDStringIDMapping(_newgrf_textrefstack->PopUnsignedWord()); *argv = TTDPStringIDToOTTDStringIDMapping(_newgrf_textrefstack->PopUnsignedWord());

2
src/newgrf_text.h
View File

@ -28,7 +28,7 @@ void StopTextRefStackUsage();
void SwitchToNormalRefStack(); void SwitchToNormalRefStack();
void SwitchToErrorRefStack(); void SwitchToErrorRefStack();
void RewindTextRefStack(); void RewindTextRefStack();
uint RemapNewGRFStringControlCode(uint scc, char **buff, const char **str, int64 *argv); uint RemapNewGRFStringControlCode(uint scc, char *buf_start, char **buff, const char **str, int64 *argv);
StringID TTDPStringIDToOTTDStringIDMapping(StringID string); StringID TTDPStringIDToOTTDStringIDMapping(StringID string);

3
src/strings.cpp
View File

@ -554,11 +554,12 @@ static char *FormatString(char *buff, const char *str, int64 *argv, uint casei,
WChar b; WChar b;
int64 *argv_orig = argv; int64 *argv_orig = argv;
uint modifier = 0; uint modifier = 0;
char *buf_start = buff;
while ((b = Utf8Consume(&str)) != '\0') { while ((b = Utf8Consume(&str)) != '\0') {
if (SCC_NEWGRF_FIRST <= b && b <= SCC_NEWGRF_LAST) { if (SCC_NEWGRF_FIRST <= b && b <= SCC_NEWGRF_LAST) {
/* We need to pass some stuff as it might be modified; oh boy. */ /* We need to pass some stuff as it might be modified; oh boy. */
b = RemapNewGRFStringControlCode(b, &buff, &str, argv); b = RemapNewGRFStringControlCode(b, buf_start, &buff, &str, argv);
if (b == 0) continue; if (b == 0) continue;
} }