From 2f0616e9f2c821830a8533fd7bde0c1660604215 Mon Sep 17 00:00:00 2001
From: peter1138 <peter1138@openttd.org>
Date: Tue, 20 Sep 2005 11:07:33 +0000
Subject: (svn r2965) Fix: newgrf: Add bounds checking to VehicleChangeInfo for
 vehicles and change              station special case to vehicle special
 case.

---
 newgrf.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'newgrf.c')

diff --git a/newgrf.c b/newgrf.c
index ace4d72d7..901d84df2 100644
--- a/newgrf.c
+++ b/newgrf.c
@@ -1046,10 +1046,13 @@ static void VehicleChangeInfo(byte *buf, int len)
 		return;
 	}
 
-	if (feature != GSF_STATION)
+	if (feature <= GSF_AIRCRAFT) {
+		if (engine + numinfo > _vehcounts[feature]) {
+			grfmsg(GMS_ERROR, "VehicleChangeInfo: Last engine ID %d out of bounds (max %d), skipping.", engine + numinfo, _vehcounts[feature]);
+			return;
+		}
 		ei = &_engine_info[engine + _vehshifts[feature]];
-	/* XXX - Should there not be a check to see if 'ei' is NULL
-	    when it is used in the switch below?? -- TrueLight */
+	}
 
 	buf += 5;
 
-- 
cgit v1.2.3-54-g00ecf