search

WeiDUorg / weidu

WeiDU is a program used to develop, distribute and install modifications for games based on the Infinity Engine.
http://www.weidu.org
GNU General Public License v2.0
87 stars 19 forks source link

Variables in array strings should not be substituted automatically #222

Closed Argent77 closed 9 months ago

Argent77 commented 1 year ago

WeiDU appears to automatically substitute variables inside array content when used by commands like SPRINT or STRING_LENGTH.

This behavior can introduce subtle bugs when processing binary data (graphics files, etc.), and can result in out-of-bounds reads/writes or corrupted data.

Example code:

// String with random binary data
OUTER_SPRINT $array(~0~) ~@Z1x$^%i%.kl;'c`~

OUTER_SPRINT content $array(~0~)
OUTER_SET len = STRING_LENGTH ~%content%~
PRINT ~Content: %content%%LNL%Buffer length: %len%~

OUTER_FOR (i = 0; i < 1; ++i) BEGIN
  OUTER_SPRINT content $array(~%i%~)
  OUTER_SET len = STRING_LENGTH ~%content%~
  PRINT ~Content: %content%%LNL%Buffer length: %len%~
END

Output:

Content: @Z1x$^%i%.kl;'c`
Buffer length: 16

Content: @Z1x$^0.kl;'c`
Buffer length: 14

The character sequence %i% within the binary data is automatically replaced by the content of the variable i.

Variables inside array data should not be automatically substituted. To retain backwards compatibility it might work to introduce a new flag, such as NO_EVAL, which can act as the counterpart to EVAL.

FredrikLindgren commented 9 months ago

Sorry, WeiDU's variable evaluation is insanity and your proposed NO_EVAL is not feasible. If you need to work with binary data, have you considered inlined files? You can store the file path rather than the data itself, and the file only has explicit variable evaluation.