#141: Out of bounds array access
----------------------+-----------------------------------------------------
Reporter: Giel | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 2.1
Component: other | Version: 2.1_rc1
Keywords: | Operating_system: All/Non-Specific
Blockedby: | Blocking:
----------------------+-----------------------------------------------------
From r5014 and onward we access the array [doxygen:_droid_template
DROID_TEMPLATE]->asParts out of its bounds.
This is because that's the first revision to actually access
asParts[COMP_WEAPON], while asParts is defined as being DROID_MAXCOMP
elements large.
And DROID_MAXCOMP has been defined to (COMP_NUMCOMPONENTS - 1). This is
fine if you want to determine the highest component number, which its
name suggests that it does, but it's not fine if you want to know the
''number'' of components.
So there are two issues involved that need to be fixed:
* Array size of asParts (and asBits of [doxygen:DROID]) being too small
* The savegame having these two arrays too short as well; thus it will be
difficult to prevent breaking of backwards compatibility
Thus using DROID_MAXCOMP to decide on the size of the asParts array is
''wrong''. Unfortunately, however, this specific wrong usage of
DROID_MAXCOMP is used in the save games as well; additionally, it is used
in [source:trunk/src/map.c map.c] too.
--
Ticket URL: <http://developer.wz2100.net/ticket/141>
Warzone 2100 Trac <http://wz2100.net/>
The Warzone 2100 Resurrection Project
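
The sizing error described in the ticket, as an added example that is not code from the Warzone 2100 tree. It assumes COMP_WEAPON is the last enumerator before COMP_NUMCOMPONENTS; the other enumerators, both struct names, the loader and its zero default for the missing slot are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed enum: only COMP_WEAPON and COMP_NUMCOMPONENTS are named in the
 * ticket; the other enumerators and their order are assumptions. */
typedef enum {
    COMP_BODY, COMP_PROPULSION, COMP_SENSOR, COMP_WEAPON,
    COMP_NUMCOMPONENTS            /* count of components, not a valid index */
} COMPONENT_TYPE;

#define DROID_MAXCOMP (COMP_NUMCOMPONENTS - 1)  /* highest index, per the ticket */
#define ARRAY_LEN(a)  (sizeof(a) / sizeof((a)[0]))

/* Layout as described in the ticket: sized by the highest index, so the
 * array is one element short and asParts[COMP_WEAPON] is out of bounds. */
typedef struct { int32_t asParts[DROID_MAXCOMP]; } OLD_TEMPLATE;

/* Corrected layout (hypothetical name): sized by the component count. */
typedef struct { int32_t asParts[COMP_NUMCOMPONENTS]; } NEW_TEMPLATE;

/* Compile-time guard: the build fails if the array shrinks again. */
_Static_assert(COMP_WEAPON < ARRAY_LEN(((NEW_TEMPLATE *)0)->asParts),
               "asParts too small for COMP_WEAPON");

/* Returns 1 if idx is a valid index into an array of len elements. */
int index_in_bounds(size_t idx, size_t len)
{
    return idx < len;
}

/* Hypothetical loader for an old save record that stored only DROID_MAXCOMP
 * parts: copy what the record holds and zero the slot it never stored.
 * Zero as the default for the missing slot is an assumption. */
int load_old_parts(const int32_t *rec, size_t rec_len, NEW_TEMPLATE *out)
{
    if (rec == NULL || out == NULL || rec_len != (size_t)DROID_MAXCOMP)
        return -1;                /* reject records of unexpected size */
    memset(out->asParts, 0, sizeof(out->asParts));
    memcpy(out->asParts, rec, rec_len * sizeof(rec[0]));
    return 0;
}
```
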