(svn r7503) -Codechange: [NewGRF] Add bounds checking for spriteset cargo types. (NewCargo support will change this rule a bit...)
--- a/newgrf.c Fri Dec 15 18:51:47 2006 +0000
+++ b/newgrf.c Mon Dec 18 10:46:06 2006 +0000
@@ -1843,6 +1843,11 @@
if (ctype == 0xFE) ctype = GC_DEFAULT_NA;
if (ctype == 0xFF) ctype = GC_PURCHASE;
+ if (ctype >= NUM_GLOBAL_CID) {
+ grfmsg(GMS_WARN, "FeatureMapSpriteGroup: Cargo type %d out of range, skipping.", ctype);
+ continue;
+ }
+
statspec->spritegroup[ctype] = _cur_grffile->spritegroups[groupid];
}
}
@@ -1919,6 +1924,11 @@
if (ctype == GC_INVALID) ctype = GC_PURCHASE;
+ if (ctype >= NUM_GLOBAL_CID) {
+ grfmsg(GMS_WARN, "FeatureMapSpriteGroup: Cargo type %d out of range, skipping.", ctype);
+ continue;
+ }
+
if (wagover) {
SetWagonOverrideSprites(engine, ctype, _cur_grffile->spritegroups[groupid], last_engines, last_engines_count);
} else {
--- a/newgrf_engine.c Fri Dec 15 18:51:47 2006 +0000
+++ b/newgrf_engine.c Mon Dec 18 10:46:06 2006 +0000
@@ -77,6 +77,9 @@
WagonOverrides *wos;
WagonOverride *wo;
+ assert(engine < TOTAL_NUM_ENGINES);
+ assert(cargo < NUM_GLOBAL_CID);
+
wos = &_engine_wagon_overrides[engine];
wos->overrides_count++;
wos->overrides = realloc(wos->overrides,
@@ -147,6 +150,8 @@
void SetCustomEngineSprites(EngineID engine, byte cargo, const SpriteGroup *group)
{
assert(engine < TOTAL_NUM_ENGINES);
+ assert(cargo < NUM_GLOBAL_CID);
+
if (engine_custom_sprites[engine][cargo] != NULL) {
DEBUG(grf, 6)("SetCustomEngineSprites: engine `%d' cargo `%d' already has group -- replacing.", engine, cargo);
}