From f010066c1b43489cc2e88df038c6c3e568114738 Mon Sep 17 00:00:00 2001 From: peter1138 Date: Mon, 18 Dec 2006 10:46:06 +0000 Subject: [PATCH] (svn r7503) -Codechange: [NewGRF] Add bounds checking for spriteset cargo types. (NewCargo support will change this rule a bit...) --- newgrf.c | 10 ++++++++++ newgrf_engine.c | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/newgrf.c b/newgrf.c index 7a294c6550..440cfbf313 100644 --- a/newgrf.c +++ b/newgrf.c @@ -1843,6 +1843,11 @@ static void FeatureMapSpriteGroup(byte *buf, int len) if (ctype == 0xFE) ctype = GC_DEFAULT_NA; if (ctype == 0xFF) ctype = GC_PURCHASE; + if (ctype >= NUM_GLOBAL_CID) { + grfmsg(GMS_WARN, "FeatureMapSpriteGroup: Cargo type %d out of range, skipping.", ctype); + continue; + } + statspec->spritegroup[ctype] = _cur_grffile->spritegroups[groupid]; } } @@ -1919,6 +1924,11 @@ static void FeatureMapSpriteGroup(byte *buf, int len) if (ctype == GC_INVALID) ctype = GC_PURCHASE; + if (ctype >= NUM_GLOBAL_CID) { + grfmsg(GMS_WARN, "FeatureMapSpriteGroup: Cargo type %d out of range, skipping.", ctype); + continue; + } + if (wagover) { SetWagonOverrideSprites(engine, ctype, _cur_grffile->spritegroups[groupid], last_engines, last_engines_count); } else { diff --git a/newgrf_engine.c b/newgrf_engine.c index cb126c4323..328ed3290e 100644 --- a/newgrf_engine.c +++ b/newgrf_engine.c @@ -77,6 +77,9 @@ void SetWagonOverrideSprites(EngineID engine, CargoID cargo, const SpriteGroup * WagonOverrides *wos; WagonOverride *wo; + assert(engine < TOTAL_NUM_ENGINES); + assert(cargo < NUM_GLOBAL_CID); + wos = &_engine_wagon_overrides[engine]; wos->overrides_count++; wos->overrides = realloc(wos->overrides, @@ -147,6 +150,8 @@ static const GRFFile *_engine_grf[TOTAL_NUM_ENGINES]; void SetCustomEngineSprites(EngineID engine, byte cargo, const SpriteGroup *group) { assert(engine < TOTAL_NUM_ENGINES); + assert(cargo < NUM_GLOBAL_CID); + if (engine_custom_sprites[engine][cargo] != NULL) { DEBUG(grf, 6)("SetCustomEngineSprites: engine `%d' cargo `%d' already has group -- replacing.", engine, cargo); }