From 2f042ea1988407524d86998dcba2672b23c8aaf6 Mon Sep 17 00:00:00 2001
From: yexo <yexo@openttd.org>
Date: Sun, 14 Oct 2012 15:18:09 +0000
Subject: (svn r24593) -Fix [FS#5333]: crash when a gamescript provided too
 many parameters to a GSText object

---
 src/strings.cpp | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'src/strings.cpp')

diff --git a/src/strings.cpp b/src/strings.cpp
index 2449c5c09..12f41e158 100644
--- a/src/strings.cpp
+++ b/src/strings.cpp
@@ -62,6 +62,24 @@ void StringParameters::ClearTypeInformation()
 	MemSetT(this->type, 0, this->num_param);
 }
 
+
+/**
+ * Read an int64 from the argument array. The offset is increased
+ * so the next time GetInt64 is called the next value is read.
+ */
+int64 StringParameters::GetInt64(WChar type)
+{
+	if (this->offset >= this->num_param) {
+		DEBUG(misc, 0, "Trying to read invalid string parameter");
+		return 0;
+	}
+	if (this->type != NULL) {
+		assert(this->type[this->offset] == 0 || this->type[this->offset] == type);
+		this->type[this->offset] = type;
+	}
+	return this->data[this->offset++];
+}
+
 /**
  * Shift all data in the data array by the given amount to make
  * room for some extra parameters.
@@ -780,7 +798,7 @@ static char *FormatString(char *buff, const char *str_arg, StringParameters *arg
 				}
 
 				int i = 0;
-				while (*p != '\0') {
+				while (*p != '\0' && i < 20) {
 					uint64 param;
 					s = ++p;
 
-- 
cgit v1.2.3-54-g00ecf