Bounds check all entity getters that can return 0

The entity getters I'm referring to are entityclass::getscm(), entityclass::getlineat(), entityclass::getcrewman(), and entityclass::getcustomcrewman(). Even though the player should always exist, and the player should always be indice 0, I wouldn't want to make that assumption. I've been wrong before. Also, these functions returning 0 lull you into a false sense of security. If you assume that commands using these functions are fine, you'll forget about the fact that `i` in those commands could be potentially anything, given an invalid argument. In fact, it's possible to index createactivityzone(), flipgravity(), and customposition() out-of-bounds by setting `i` to anything! Well, WAS possible. I fixed it so now they can't. Furthermore, in the game.scmmoveme block in gamelogic(), obj.getplayer() wasn't even checked, even though it's been checked in all other places. I only caught it just now because I wanted to bounds-check all usages of obj.getscm(), too, and that game.scmmove block also used obj.getscm() without bounds-checking it as well.
2026-01-30 01:48:15 +03:00 · 2020-09-09 22:31:09 -07:00
parent 19a8352775
commit 76d6a3536b
5 changed files with 136 additions and 96 deletions
--- a/desktop_version/src/Logic.cpp
+++ b/desktop_version/src/Logic.cpp
@@ -769,12 +769,16 @@ void gamelogic()
            }
            else if (game.swngame == 3)    //extend line
            {
-                obj.entities[obj.getlineat(84 - 32)].w += 24;
-                if (obj.entities[obj.getlineat(84 - 32)].w > 332)
+                int line = obj.getlineat(84 - 32);
+                if (INBOUNDS_VEC(line, obj.entities))
                {
-                    obj.entities[obj.getlineat(84 - 32)].w = 332;
-                    game.swngame = 2;
-                    graphics.kludgeswnlinewidth = true;
+                    obj.entities[line].w += 24;
+                    if (obj.entities[line].w > 332)
+                    {
+                        obj.entities[line].w = 332;
+                        game.swngame = 2;
+                        graphics.kludgeswnlinewidth = true;
+                    }
                }
            }
            else if (game.swngame == 4)    //create top line
@@ -786,12 +790,16 @@ void gamelogic()
            }
            else if (game.swngame == 5)    //remove line
            {
-                obj.entities[obj.getlineat(148 + 32)].xp += 24;
-                if (obj.entities[obj.getlineat(148 + 32)].xp > 320)
+                int line = obj.getlineat(148 + 32);
+                if (INBOUNDS_VEC(line, obj.entities))
                {
-                    obj.removeentity(obj.getlineat(148 + 32));
-                    game.swnmode = false;
-                    game.swngame = 6;
+                    obj.entities[line].xp += 24;
+                    if (obj.entities[line].xp > 320)
+                    {
+                        obj.removeentity(line);
+                        game.swnmode = false;
+                        game.swngame = 6;
+                    }
                }
            }
            else if (game.swngame == 6)    //Init the super gravitron
@@ -1587,7 +1595,12 @@ void gamelogic()

                if (game.scmmoveme)
                {
-                    obj.entities[obj.getscm()].xp = obj.entities[obj.getplayer()].xp;
+                    int scm = obj.getscm();
+                    int player = obj.getplayer();
+                    if (INBOUNDS_VEC(scm, obj.entities) && INBOUNDS_VEC(player, obj.entities))
+                    {
+                        obj.entities[scm].xp = obj.entities[player].xp;
+                    }
                    game.scmmoveme = false;
                }
                break;