(svn r7475) -Fix (r7348): sanity check NewGRF action 8 strings for null terminator
--- a/newgrf.c Sun Dec 10 19:00:06 2006 +0000
+++ b/newgrf.c Sun Dec 10 21:39:38 2006 +0000
@@ -2466,6 +2466,7 @@
}
}
+
/* Action 0x08 (GLS_FILESCAN) */
static void ScanInfo(byte *buf, int len)
{
@@ -2473,16 +2474,30 @@
uint32 grfid;
const char *name;
const char *info;
+ int name_len;
+ int info_len;
check_length(len, 8, "Info"); buf++;
version = grf_load_byte(&buf);
grfid = grf_load_dword(&buf);
- name = (const char*)buf;
- info = name + strlen(name) + 1;
_cur_grfconfig->grfid = grfid;
- _cur_grfconfig->name = TranslateTTDPatchCodes(name);
- _cur_grfconfig->info = TranslateTTDPatchCodes(info);
+
+ len -= 6;
+ name = (const char*)buf;
+ name_len = ttd_strnlen(name, len);
+
+ if (name_len < len) {
+ _cur_grfconfig->name = TranslateTTDPatchCodes(name);
+
+ len -= name_len + 1;
+ info = name + name_len + 1;
+ info_len = ttd_strnlen(info, len);
+
+ if (info_len < len) {
+ _cur_grfconfig->info = TranslateTTDPatchCodes(info);
+ }
+ }
_skip_sprites = -1;
}
--- a/string.h Sun Dec 10 19:00:06 2006 +0000
+++ b/string.h Sun Dec 10 21:39:38 2006 +0000
@@ -46,6 +46,16 @@
/** Convert the given string to lowercase, only works with ASCII! */
void strtolower(char *str);
+
+/** Get the length of a string, within a limited buffer */
+static inline int ttd_strnlen(const char *str, int maxlen)
+{
+ const char *t;
+ for (t = str; *t != '\0' && t - str < maxlen; t++);
+ return t - str;
+}
+
+
typedef uint32 WChar;
/**