From c8459249566fbf8a425109e41efebdab3d7e6558 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Janiszewski?=
Date: Mon, 3 Dec 2018 20:06:05 +0100
Subject: [PATCH] Validate news item type on import (#8334)
News items use queue split into two logical partitions. When detected an invalid news item type, simply drop remaining items to avoid having to handle all the possible cases of where the invalid items falls. Additionally, as normal use case wouldn't have triggered such an invalid type, it must have come from some invalid file anyway, so assume it is fine to drop other items.
---
 src/openrct2/rct2/S6Importer.cpp | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/openrct2/rct2/S6Importer.cpp b/src/openrct2/rct2/S6Importer.cpp
index 7192adbe68..cba9a6bb76 100644
--- a/src/openrct2/rct2/S6Importer.cpp
+++ b/src/openrct2/rct2/S6Importer.cpp
@@ -426,18 +426,29 @@ public:
 gClimateNext.RainLevel = _s6.next_rain_level;
 // News items
+ news_item_init_queue();
 for (size_t i = 0; i < RCT12_MAX_NEWS_ITEMS; i++)
 {
 const rct12_news_item* src = &_s6.news_items[i];
 NewsItem* dst = &gNewsItems[i];
-
- dst->Type = src->Type;
- dst->Flags = src->Flags;
- dst->Assoc = src->Assoc;
- dst->Ticks = src->Ticks;
- dst->MonthYear = src->MonthYear;
- dst->Day = src->Day;
- memcpy(dst->Text, src->Text, sizeof(src->Text));
+ if (src->Type < std::size(news_type_properties))
+ {
+ dst->Type = src->Type;
+ dst->Flags = src->Flags;
+ dst->Assoc = src->Assoc;
+ dst->Ticks = src->Ticks;
+ dst->MonthYear = src->MonthYear;
+ dst->Day = src->Day;
+ memcpy(dst->Text, src->Text, sizeof(src->Text));
+ }
+ else
+ {
+ // In case where news item type is broken, consider all remaining news items invalid.
+ log_error("Invalid news type 0x%x for news item %d, ignoring remaining news items", src->Type, i);
+ // Still need to set the correct type to properly terminate the queue
+ dst->Type = NEWS_ITEM_NULL;
+ break;
+ }
 }
 // pad_13CE730
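Review bot: The new guard validates only `Type`; on the accepted branch `memcpy(dst->Text, src->Text, sizeof(src->Text))` still copies the text bytes from the save file as-is, so nothing visible here guarantees that `dst->Text` ends in a NUL when the file's field has none. If later readers treat it as a C string (not shown in this hunk), adding `dst->Text[sizeof(src->Text) - 1] = '\0';` after the copy, together with `static_assert(sizeof(dst->Text) >= sizeof(src->Text));`, would bound both the copy and any later read. Separately, in the `log_error` call `i` is a `size_t` but is formatted with `%d`; assuming `log_error` is printf-style, the specifier should be `%zu`. The enclosing function starts and ends outside the hunk.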