coverity scan CID 22516: out-of-bounds write

potentially a bug with bad XML files? only matters if we have those, but we shouldn't
This commit is contained in:
Enno Rehling 2015-10-29 09:49:26 +01:00
parent 8b92003fff
commit 2372d3aacd
1 changed files with 15 additions and 12 deletions

View File

@ -1815,23 +1815,26 @@ static int parse_races(xmlDocPtr doc)
if (result->nodesetval->nodeNr > MAXMAGIETYP) { if (result->nodesetval->nodeNr > MAXMAGIETYP) {
log_error("race %s has %d potential familiars", rc->_name, result->nodesetval->nodeNr); log_error("race %s has %d potential familiars", rc->_name, result->nodesetval->nodeNr);
} }
for (k = 0; k != MAXMAGIETYP; ++k) { else {
if (k < result->nodesetval->nodeNr) { for (k = 0; k != MAXMAGIETYP; ++k) {
xmlNodePtr node = result->nodesetval->nodeTab[k]; if (k < result->nodesetval->nodeNr) {
xmlNodePtr node = result->nodesetval->nodeTab[k];
propValue = xmlGetProp(node, BAD_CAST "race"); propValue = xmlGetProp(node, BAD_CAST "race");
assert(propValue != NULL); assert(propValue != NULL);
frc = rc_get_or_create((const char *)propValue); frc = rc_get_or_create((const char *)propValue);
if (xml_bvalue(node, "default", false)) { if (xml_bvalue(node, "default", false)) {
rc->familiars[k] = rc->familiars[0]; rc->familiars[k] = rc->familiars[0];
rc->familiars[0] = frc; rc->familiars[0] = frc;
}
else {
rc->familiars[k] = frc;
}
xmlFree(propValue);
} }
else { else {
rc->familiars[k] = frc; rc->familiars[k] = frc;
} }
xmlFree(propValue);
} else {
rc->familiars[k] = frc;
} }
} }
xmlXPathFreeObject(result); xmlXPathFreeObject(result);