author | rubidium <rubidium@openttd.org> | 2013-11-22 21:43:47 +0000 |
---|---|---|
committer | rubidium <rubidium@openttd.org> | 2013-11-22 21:43:47 +0000 |
commit | 6f21593bf66dfe59c737e3da095817b3e80049b8 (patch) | |
tree | 67617755e086a5eb74be43879f39f659dc19fd07 | |
parent | 1b924f194fe07692e82f6d63696b74968d254cf2 (diff) | |
download | openttd-6f21593bf66dfe59c737e3da095817b3e80049b8.tar.xz |
(svn r26050) -Fix: possible, but currently untriggered, out of bounds access in strgen
-rw-r--r-- | src/strgen/strgen_base.cpp | 15 | ||||
-rw-r--r-- | src/table/strgen_tables.h | 3 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/strgen/strgen_base.cpp b/src/strgen/strgen_base.cpp
index 8539b49b8..be825fac0 100644
--- a/src/strgen/strgen_base.cpp
+++ b/src/strgen/strgen_base.cpp
@@ -387,14 +387,15 @@ void EmitPlural(Buffer *buffer, char *buf, int value)
 {
 int argidx = _cur_argidx;
 int offset = 0;
- const char *words[5];
+ int expected = _plural_forms[_lang.plural_form].plural_count;
+ const char **words = AllocaM(const char *, max(expected, MAX_PLURALS));
 int nw = 0;
 /* Parse out the number, if one exists. Otherwise default to prev arg. */
 if (!ParseRelNum(&buf, &argidx, &offset)) argidx--;
 /* Parse each string */
- for (nw = 0; nw < 5; nw++) {
+ for (nw = 0; nw < MAX_PLURALS; nw++) {
 words[nw] = ParseWord(&buf);
 if (words[nw] == NULL) break;
 }
@@ -403,16 +404,16 @@ void EmitPlural(Buffer *buffer, char *buf, int value)
 strgen_fatal("%s: No plural words", _cur_ident);
 }
- if (_plural_forms[_lang.plural_form].plural_count != nw) {
+ if (expected != nw) {
 if (_translated) {
 strgen_fatal("%s: Invalid number of plural forms. Expecting %d, found %d.", _cur_ident,
- _plural_forms[_lang.plural_form].plural_count, nw);
+ expected, nw);
 } else {
 if ((_show_todo & 2) != 0) strgen_warning("'%s' is untranslated. Tweaking english string to allow compilation for plural forms", _cur_ident);
- if (nw > _plural_forms[_lang.plural_form].plural_count) {
- nw = _plural_forms[_lang.plural_form].plural_count;
+ if (nw > expected) {
+ nw = expected;
 } else {
- for (; nw < _plural_forms[_lang.plural_form].plural_count; nw++) {
+ for (; nw < expected; nw++) {
 words[nw] = words[nw - 1];
 }
 }
diff --git a/src/table/strgen_tables.h b/src/table/strgen_tables.h
index 811a8ffda..e6924e29c 100644
--- a/src/table/strgen_tables.h
+++ b/src/table/strgen_tables.h
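Review bot: In EmitPlural (src/strgen/strgen_base.cpp), `expected` is read from `_plural_forms[_lang.plural_form]` with no range check on the index visible in this hunk, and that value now sizes the `AllocaM` buffer and bounds the padding loop in the second hunk. If `_lang.plural_form` is not already validated where the language header is parsed (not shown here), I would add a guard before the lookup, for example `assert(_lang.plural_form < lengthof(_plural_forms));` assuming the project's `lengthof` helper, or at least a comment naming where the check lives. The parse loop also stops after MAX_PLURALS words without a diagnostic, so a comment such as `/* Words beyond MAX_PLURALS are not parsed. */` above the loop would make that limit explicit. The function body starts before the first hunk's context and continues past the second.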
@@ -154,6 +154,9 @@ struct PluralForm {
 const char *names; ///< Plural names
 };
+/** The maximum number of plurals. */
+static const int MAX_PLURALS = 5;
+
 /** All plural forms used */
 static const PluralForm _plural_forms[] = {
 { 2, "Two forms: special case for 1.", "\"1\" \"other\"" }, |
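Review bot: `MAX_PLURALS` is declared independently of `_plural_forms`, so nothing on the visible lines keeps it at or above the largest `plural_count` in the table. EmitPlural's parse loop stops at MAX_PLURALS, so a form added later with more entries would never match the expected count for translated strings. I would state the invariant in the doc comment: `/** The maximum number of plurals; must be at least the largest plural_count in _plural_forms. */`. The table definition continues past the end of this hunk, so whether any existing entry exceeds 5 cannot be confirmed from here.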