Fix misuse of ef_cadef(EF_BAD)
ef_elt_byname(), xdprval_sym() and symval() checked whether a file
type T is a symbol table by comparing ef_cadef(T) to symbol_ca, even
though T may be EF_BAD. Before commit 50cfdcb5, ef_cadef(EF_BAD)
accessed empfile[] out of bounds, which could conceivably crash or
somehow happen to yield symbol_ca. Since then, it oopses and returns
null.
Fix by testing the file type before calling ef_cadef().
parent
50cfdcb5a7
commit
d929aa8b82
3 changed files with 7 additions and 4 deletions
|
@ -63,6 +63,7 @@ sct_typematch(char *name)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Search table TYPE for an element matching NAME, return its index.
|
* Search table TYPE for an element matching NAME, return its index.
|
||||||
|
* Accepts EF_BAD, but of course never finds anything then.
|
||||||
* Return M_NOTFOUND if there are no matches, M_NOTUNIQUE if there are
|
* Return M_NOTFOUND if there are no matches, M_NOTUNIQUE if there are
|
||||||
* several.
|
* several.
|
||||||
*/
|
*/
|
||||||
|
@ -70,6 +71,8 @@ int
|
||||||
ef_elt_byname(int type, char *name)
|
ef_elt_byname(int type, char *name)
|
||||||
{
|
{
|
||||||
switch (type) {
|
switch (type) {
|
||||||
|
case EF_BAD:
|
||||||
|
return M_NOTFOUND;
|
||||||
case EF_NATION:
|
case EF_NATION:
|
||||||
return cnumb(name);
|
return cnumb(name);
|
||||||
case EF_SECTOR_CHR:
|
case EF_SECTOR_CHR:
|
||||||
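Review bot: The new `case EF_BAD:` in ef_elt_byname() filters only the sentinel value, so whether any other invalid `type` is rejected depends on the rest of the switch, which lies outside this hunk. If the default branch is where ef_cadef(type) is compared with symbol_ca, say so at the case, e.g. `case EF_BAD: /* must not reach ef_cadef() */`, so that a later cleanup does not fold the early return into the default. The header comment's added line documents EF_BAD only; if callers must never pass any other out-of-range type, stating that there would complete the contract.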
|
|
|
@ -197,10 +197,10 @@ xdprsym(struct xdstr *xd, int key, int type, char *sep)
|
||||||
* CA describes the field from which the value was fetched.
|
* CA describes the field from which the value was fetched.
|
||||||
*/
|
*/
|
||||||
static char *
|
static char *
|
||||||
xdprval_sym(struct xdstr *xd, struct valstr *val, struct castr *ca, char *sep)
|
xdprval_sym(struct xdstr *xd, struct valstr *val, struct castr *ca,
|
||||||
|
char *sep)
|
||||||
{
|
{
|
||||||
unsigned long bit;
|
unsigned long bit;
|
||||||
struct castr *ca_sym = ef_cadef(ca->ca_table);
|
|
||||||
|
|
||||||
if (CANT_HAPPEN(val->val_cat != NSC_VAL)) {
|
if (CANT_HAPPEN(val->val_cat != NSC_VAL)) {
|
||||||
xd->pr("%snil", sep);
|
xd->pr("%snil", sep);
|
||||||
|
@ -208,7 +208,7 @@ xdprval_sym(struct xdstr *xd, struct valstr *val, struct castr *ca, char *sep)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!xd->human || val->val_type != NSC_LONG
|
if (!xd->human || val->val_type != NSC_LONG
|
||||||
|| ca->ca_table == EF_BAD || ca_sym != symbol_ca)
|
|| ca->ca_table == EF_BAD || ef_cadef(ca->ca_table) != symbol_ca)
|
||||||
return xdprval_nosym(xd, val, sep);
|
return xdprval_nosym(xd, val, sep);
|
||||||
|
|
||||||
if (ca->ca_flags & NSC_BITS) {
|
if (ca->ca_flags & NSC_BITS) {
|
||||||
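Review bot: The condition in xdprval_sym() is now correct only because `ca->ca_table == EF_BAD` is evaluated before `ef_cadef(ca->ca_table)`, and nothing on the line tells a later editor that the order matters. The same guarded test appears in symval() as `type != EF_BAD && ef_cadef(type) == symbol_ca`, so a single small predicate declared next to ef_cadef() and returning that expression would keep the guard in one place. Short of that, a comment above the condition such as `/* test EF_BAD first: ef_cadef(EF_BAD) oopses */` would do. The function body continues outside the hunk.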
|
|
|
@ -671,7 +671,7 @@ symval(struct castr *ca, int i)
|
||||||
{
|
{
|
||||||
int type = ca->ca_table;
|
int type = ca->ca_table;
|
||||||
|
|
||||||
if (ef_cadef(type) == symbol_ca)
|
if (type != EF_BAD && ef_cadef(type) == symbol_ca)
|
||||||
/* symbol table, value is in the table */
|
/* symbol table, value is in the table */
|
||||||
return ((struct symbol *)ef_ptr(type, i))->value;
|
return ((struct symbol *)ef_ptr(type, i))->value;
|
||||||
/* value is the table index */
|
/* value is the table index */
|
||||||
|
|
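Review bot: In symval(), the result of `ef_ptr(type, i)` is cast and dereferenced directly, so the guard added here protects the table lookup but not the element lookup. If ef_ptr() can return null for an index outside the table (its definition is not visible on this page), an out-of-range `i` would still fault on `->value`. Consider holding the pointer in a local, `struct symbol *sym = ef_ptr(type, i);`, and handling `!sym` before the dereference, with whatever fallback value the callers expect. The signature and the end of symval() are outside the hunk.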