Skip to content

Commit

Permalink
Added runtime check for negative array indices in VM
Browse files Browse the repository at this point in the history 
https://forum.zdoom.org/viewtopic.php?t=57886
  • Loading branch information
@alexey-lysiuk
alexey-lysiuk committed Nov 2, 2017
1 parent 57de598 commit 81ea9fb
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 3 deletions.
15 changes: 15 additions & 0 deletions src/scripting/vm/vmexec.h
View file
Expand Up @@ -899,6 +899,11 @@ static int Exec(VMFrameStack *stack, const VMOP *pc, VMReturn *ret, int numret)
ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Max.index = %u, current index = %u\n", BC, reg.d[a]);
return 0;
}
else if (reg.d[a] < 0)
{
ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Negative current index = %i\n", reg.d[a]);
return 0;
}
NEXTOP;

OP(BOUND_K):
Expand All @@ -908,6 +913,11 @@ static int Exec(VMFrameStack *stack, const VMOP *pc, VMReturn *ret, int numret)
ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Max.index = %u, current index = %u\n", konstd[BC], reg.d[a]);
return 0;
}
else if (reg.d[a] < 0)
{
ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Negative current index = %i\n", reg.d[a]);
return 0;
}
NEXTOP;

OP(BOUND_R):
Expand All @@ -917,6 +927,11 @@ static int Exec(VMFrameStack *stack, const VMOP *pc, VMReturn *ret, int numret)
ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Max.index = %u, current index = %u\n", reg.d[B], reg.d[a]);
return 0;
}
else if (reg.d[a] < 0)
{
ThrowAbortException(X_ARRAY_OUT_OF_BOUNDS, "Negative current index = %i\n", reg.d[a]);
return 0;
}
NEXTOP;

OP(CONCAT):
Expand Down
6 changes: 3 additions & 3 deletions src/scripting/vm/vmops.h
View file
Expand Up @@ -122,9 +122,9 @@ xx(THROW, throw, THROW, NOP, 0, 0), // A == 0: Throw exception object pB
// A == 2: (pB == <type of exception thrown>) then pc++ ; next instruction must JMP to another CATCH
// A == 3: (pkB == <type of exception thrown>) then pc++ ; next instruction must JMP to another CATCH
// for A > 0, exception is stored in pC
xx(BOUND, bound, RII16, NOP, 0, 0), // if rA >= BC, throw exception
xx(BOUND_K, bound, LKI, NOP, 0, 0), // if rA >= const[BC], throw exception
xx(BOUND_R, bound, RIRI, NOP, 0, 0), // if rA >= rB, throw exception
xx(BOUND, bound, RII16, NOP, 0, 0), // if rA < 0 or rA >= BC, throw exception
xx(BOUND_K, bound, LKI, NOP, 0, 0), // if rA < 0 or rA >= const[BC], throw exception
xx(BOUND_R, bound, RIRI, NOP, 0, 0), // if rA < 0 or rA >= rB, throw exception

// String instructions.
xx(CONCAT, concat, RSRSRS, NOP, 0, 0), // sA = sB..sC
Expand Down

0 comments on commit 81ea9fb

Please sign in to comment.