From a50a15e3e79d5e4c88cd4b96dfedc54f4819a3ad Mon Sep 17 00:00:00 2001
From: divverent
Date: Mon, 24 Aug 2009 05:39:51 +0000
Subject: [PATCH] add bounds check on OP_ADDRESS
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@9140 d7cf8633-e32d-0410-b094-e92efae38249
---
 prvm_execprogram.h | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/prvm_execprogram.h b/prvm_execprogram.h
index 43d04745..97bf15d7 100644
--- a/prvm_execprogram.h
+++ b/prvm_execprogram.h
@@ -182,6 +182,13 @@
 case OP_ADDRESS:
 #if PRVMBOUNDSCHECK
+ if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
+ {
+ prog->xfunction->profile += (st - startst);
+ prog->xstatement = st - prog->statements;
+ PRVM_ERROR ("%s Progs attempted to address an out of bounds edict number", PRVM_NAME);
+ goto cleanup;
+ }
 if ((unsigned int)(OPB->_int) >= (unsigned int)(prog->progs->entityfields))
 {
 prog->xfunction->profile += (st - startst);
@@ -207,7 +214,7 @@
 case OP_LOAD_S:
 case OP_LOAD_FNC:
 #if PRVMBOUNDSCHECK
- if (OPA->edict < 0 || OPA->edict >= prog->edictareasize)
+ if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
 {
 prog->xfunction->profile += (st - startst);
 prog->xstatement = st - prog->statements;
@@ -228,7 +235,7 @@
 case OP_LOAD_V:
 #if PRVMBOUNDSCHECK
- if (OPA->edict < 0 || OPA->edict >= prog->edictareasize)
+ if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
 {
 prog->xfunction->profile += (st - startst);
 prog->xstatement = st - prog->statements;
@@ -553,7 +560,7 @@
 break;
 case OP_LOAD_I:
 #if PRBOUNDSCHECK
- if (OPA->edict < 0 || OPA->edict >= pr_edictareasize)
+ if (OPA->edict < 0 || OPA->edict >= prog->max_edicts)
 {
 prog->xfunction->profile += (st - startst);
 prog->xstatement = st - prog->statements;
-- 
2.39.2
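Review bot: The new edict-number test in `case OP_ADDRESS` exists only under `#if PRVMBOUNDSCHECK`, so a build with that macro off still derives an address from an unvalidated `OPA->edict`. Nothing in the hunk records whether such builds are expected to run progs that were not produced locally. A comment above the guard would make the assumption explicit, for example `/* OPA->edict is read from progs bytecode; PRVMBOUNDSCHECK must stay enabled unless the progs are trusted */`. The same applies to the `OP_LOAD_*` cases in the later hunks, and the body of this case continues past the end of the hunk.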
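Review bot: The guard on `case OP_LOAD_I` is spelled `#if PRBOUNDSCHECK`, while the other three cases touched by this patch use `#if PRVMBOUNDSCHECK`. If only the latter macro is defined, the corrected comparison is never compiled and OP_LOAD_I runs with no edict bounds check at all. The removed line's use of `pr_edictareasize` without the `prog->` prefix suggests this block may have been dead code already, though the macro definitions are outside this patch. Proposed change: `#if PRVMBOUNDSCHECK`. The case body continues outside the hunk.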