From: andy <andy>
Date: Sun, 29 May 2005 16:13:48 +0000 (+0000)
Subject: Fix two crash conditions Ampere found.  These are just temporary
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f4b05d46ed3ba222c48b0f399385b43f414cc45a;p=simgear.git

Fix two crash conditions Ampere found.  These are just temporary
patches; my private version has rewritten both of these functions
(ironically fixing these bugs in the process) to handle negative
offsets meaning "from the end".
---

diff --git a/simgear/nasal/code.c b/simgear/nasal/code.c
index c7dd68ee..be7b103f 100644
--- a/simgear/nasal/code.c
+++ b/simgear/nasal/code.c
@@ -64,7 +64,7 @@ static naRef stringify(struct Context* ctx, naRef r)
 static int checkVec(struct Context* ctx, naRef vec, naRef idx)
 {
     int i = (int)numify(ctx, idx);
-    if(i < 0 || i >= vec.ref.ptr.vec->rec->size)
+    if(i < 0 || !vec.ref.ptr.vec->rec || i >= vec.ref.ptr.vec->rec->size)
         ERR(ctx, "vector index out of bounds");
     return i;
 }
diff --git a/simgear/nasal/lib.c b/simgear/nasal/lib.c
index 04d7bd64..2a3fc70d 100644
--- a/simgear/nasal/lib.c
+++ b/simgear/nasal/lib.c
@@ -115,6 +115,7 @@ static naRef substr(naContext c, naRef me, int argc, naRef* args)
     start = (int)startR.num;
     if(naIsNil(lenR)) {
         len = naStr_len(src) - start;
+        if(len < 0) return naNil();
     } else {
         lenR = naNumValue(lenR);
         if(naIsNil(lenR)) return naNil();