identify two missing bounds checks (fix them later)
authordivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Tue, 18 Aug 2009 16:02:51 +0000 (16:02 +0000)
committerdivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Tue, 18 Aug 2009 16:02:51 +0000 (16:02 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@9120 d7cf8633-e32d-0410-b094-e92efae38249

prvm_execprogram.h

index 19fc6bb..8db48bd 100644 (file)
@@ -40,8 +40,6 @@
                                OPC->vector[0] = OPA->_float * OPB->vector[0];
                                OPC->vector[1] = OPA->_float * OPB->vector[1];
                                OPC->vector[2] = OPA->_float * OPB->vector[2];
-                               break;
-                       case OP_MUL_VF:
                                OPC->vector[0] = OPB->_float * OPA->vector[0];
                                OPC->vector[1] = OPB->_float * OPA->vector[1];
                                OPC->vector[2] = OPB->_float * OPA->vector[2];
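Review bot: Removing `break;` and `case OP_MUL_VF:` makes the float-times-vector case fall through into the vector-times-float body, so `OPC->vector[]` is overwritten with `OPB->_float * OPA->vector[n]`, which reads the operands with their types swapped. It also leaves the OP_MUL_VF opcode without a case label in this hunk. This is unrelated to the commit's stated purpose of marking missing bounds checks and looks accidental. Restore the two lines `break;` and `case OP_MUL_VF:` between the two blocks. The enclosing switch starts and ends outside the hunk, so how OP_MUL_VF is dispatched after this change cannot be confirmed from here.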
                                        goto cleanup;
                                }
 #endif
-                               ed = PRVM_PROG_TO_EDICT(OPA->edict);
+                               ed = PRVM_PROG_TO_EDICT(OPA->edict); // TODO bounds check entity number
                                OPC->_int = ((prvm_eval_t *)((int *)ed->fields.vp + OPB->_int))->_int;
                                break;
 
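Review bot: `OPA->edict` is an operand supplied by the running program, and `PRVM_PROG_TO_EDICT` turns it into a pointer with no range check, so the load through `ed->fields.vp` on the next line can read outside the edict area when the bytecode is malformed or untrusted. The TODO records the gap but leaves it reachable, and the vector load in the next hunk has the same problem. Reject the value before the conversion, reusing the error style already in this file: compare `OPA->edict` against the edict-area bounds, call `PRVM_ERROR(...)`, then `goto cleanup;`. The guard that ends at `#endif` starts outside the hunk, so what it already validates (presumably the field offset `OPB->_int`) is not visible. If that guard is compile-time optional, the entity check should not depend on it.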
                                        goto cleanup;
                                }
 #endif
-                               ed = PRVM_PROG_TO_EDICT(OPA->edict);
+                               ed = PRVM_PROG_TO_EDICT(OPA->edict); // TODO bounds check entity number
                                OPC->ivector[0] = ((prvm_eval_t *)((int *)ed->fields.vp + OPB->_int))->ivector[0];
                                OPC->ivector[1] = ((prvm_eval_t *)((int *)ed->fields.vp + OPB->_int))->ivector[1];
                                OPC->ivector[2] = ((prvm_eval_t *)((int *)ed->fields.vp + OPB->_int))->ivector[2];
                                prog->argc = st->op - OP_CALL0;
                                if (!OPA->function)
                                        PRVM_ERROR("NULL function in %s", PRVM_NAME);
-
-                               newf = &prog->functions[OPA->function];
+                               newf = &prog->functions[OPA->function]; // TODO bounds check function
                                newf->callcount++;
 
                                if (newf->first_statement < 0)
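Review bot: `OPA->function` is only tested for zero before `&prog->functions[OPA->function]`, so any other out-of-range index produces a `newf` outside the function table. `newf->callcount++` on the next line then writes through it, which makes this an out-of-bounds write rather than only a read. Extend the existing test to reject indices at or beyond the table size, and negative ones if the field is signed, e.g. `if (OPA->function <= 0 || OPA->function >= <function count>) PRVM_ERROR("bad function index in %s", PRVM_NAME);`. Here `<function count>` is a placeholder for whichever field holds the number of functions, and the message text is only a suggestion. The case body starts and continues outside the hunk.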