From 3362ea2447b4a73def89553337e9efe5986d01c2 Mon Sep 17 00:00:00 2001
From: andy <andy>
Date: Tue, 17 Oct 2006 19:58:33 +0000
Subject: [PATCH] A bug was discovered on IRC where an errant script was
 setting a nil value on a property.  This becomes a NaN when converted to a
 numeric value, which then percolated into the C++ world where it ultimately
 caused a crash in YASim's turbulence code.  While converting nil to NaN isn't
 *strictly* wrong, it's dangerous for this reason.  Toss a Nasal exception
 instead.  Hopefully this won't break too much preexisting code.

---
 src/Scripting/NasalSys.cxx    |  7 ++++++-
 src/Scripting/nasal-props.cxx | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/Scripting/NasalSys.cxx b/src/Scripting/NasalSys.cxx
index 78d68d6da..7668a84eb 100644
--- a/src/Scripting/NasalSys.cxx
+++ b/src/Scripting/NasalSys.cxx
@@ -213,7 +213,12 @@ static naRef f_setprop(naContext c, naRef me, int argc, naRef* args)
     naRef val = args[argc-1];
     try {
         if(naIsString(val)) props->setStringValue(buf, naStr_data(val));
-        else                props->setDoubleValue(buf, naNumValue(val).num);
+        else {
+            naRef n = naNumValue(val);
+            if(naIsNil(n))
+                naRuntimeError(c, "setprop() value is not string or number");
+            props->setDoubleValue(buf, n.num);
+        }
     } catch (const string& err) {
         naRuntimeError(c, (char *)err.c_str());
     }
diff --git a/src/Scripting/nasal-props.cxx b/src/Scripting/nasal-props.cxx
index d040d3189..8a467db9a 100644
--- a/src/Scripting/nasal-props.cxx
+++ b/src/Scripting/nasal-props.cxx
@@ -107,7 +107,12 @@ static naRef f_setValue(naContext c, naRef me, int argc, naRef* args)
     NODEARG();
     naRef val = naVec_get(argv, 0);
     if(naIsString(val)) (*node)->setStringValue(naStr_data(val));
-    else                (*node)->setDoubleValue(naNumValue(val).num);
+    else {
+        naRef n = naNumValue(val);
+        if(naIsNil(n))
+            naRuntimeError(c, "props.setValue() with non-number");
+        (*node)->setDoubleValue(naNumValue(val).num);
+    }
     return naNil();
 }
 
@@ -120,6 +125,8 @@ static naRef f_setIntValue(naContext c, naRef me, int argc, naRef* args)
     // Junk to pacify the gcc-2.95.3 optimizer:
     naRef tmp0 = naVec_get(argv, 0);
     naRef tmp1 = naNumValue(tmp0);
+    if(naIsNil(tmp1))
+        naRuntimeError(c, "props.setIntValue() with non-number");
     double tmp2 = tmp1.num;
     int iv = (int)tmp2;
 
@@ -138,7 +145,10 @@ static naRef f_setBoolValue(naContext c, naRef me, int argc, naRef* args)
 static naRef f_setDoubleValue(naContext c, naRef me, int argc, naRef* args)
 {
     NODEARG();
-    (*node)->setDoubleValue(naNumValue(naVec_get(argv, 0)).num);
+    naRef r = naNumValue(naVec_get(argv, 0));
+    if(naIsNil(r))
+        naRuntimeError(c, "props.setDoubleValue() with non-number");
+    (*node)->setDoubleValue(r.num);
     return naNil();
 }
 
-- 
2.39.5