(svn r7475) -Fix (r7348): sanity check NewGRF action 8 strings for null terminator
This commit is contained in:
peter1138
19
newgrf.c
19
newgrf.c
@@ -2466,6 +2466,7 @@ static void SkipIf(byte *buf, int len)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Action 0x08 (GLS_FILESCAN) */
|
||||
static void ScanInfo(byte *buf, int len)
|
||||
{
|
||||
@@ -2473,16 +2474,30 @@ static void ScanInfo(byte *buf, int len)
|
||||
uint32 grfid;
|
||||
const char *name;
|
||||
const char *info;
|
||||
int name_len;
|
||||
int info_len;
|
||||
|
||||
check_length(len, 8, "Info"); buf++;
|
||||
version = grf_load_byte(&buf);
|
||||
grfid = grf_load_dword(&buf);
|
||||
name = (const char*)buf;
|
||||
info = name + strlen(name) + 1;
|
||||
|
||||
_cur_grfconfig->grfid = grfid;
|
||||
|
||||
len -= 6;
|
||||
name = (const char*)buf;
|
||||
name_len = ttd_strnlen(name, len);
|
||||
|
||||
if (name_len < len) {
|
||||
_cur_grfconfig->name = TranslateTTDPatchCodes(name);
|
||||
|
||||
len -= name_len + 1;
|
||||
info = name + name_len + 1;
|
||||
info_len = ttd_strnlen(info, len);
|
||||
|
||||
if (info_len < len) {
|
||||
_cur_grfconfig->info = TranslateTTDPatchCodes(info);
|
||||
}
|
||||
}
|
||||
|
||||
_skip_sprites = -1;
|
||||
}
|
||||
|
||||
10
string.h
10
string.h
@@ -46,6 +46,16 @@ typedef enum CharSetFilter {
|
||||
/** Convert the given string to lowercase, only works with ASCII! */
|
||||
void strtolower(char *str);
|
||||
|
||||
|
||||
/** Get the length of a string, within a limited buffer */
|
||||
static inline int ttd_strnlen(const char *str, int maxlen)
|
||||
{
|
||||
const char *t;
|
||||
for (t = str; *t != '\0' && t - str < maxlen; t++);
|
||||
return t - str;
|
||||
}
|
||||
|
||||
|
||||
typedef uint32 WChar;
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user