From 3e8077d59c18cae81048539f2e858a2043efa39e Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Sun, 7 Sep 2008 09:50:50 +0000
Subject: [PATCH] Fixed a nasty compiler bug where if the rhs of a ternary operator was larger than the lhs, the copy length emitted would only fit the lhs. The hier13() function now returns the larger of the lvalue sizes. (bug amb1853)
--HG--
branch : sourcemod-1.0.x
extra : convert_revision : svn%3A39bc706e-5318-0410-9160-8a85361fbb7c/branches/sourcemod-1.0.x%402520
---
 sourcepawn/compiler/sc3.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/sourcepawn/compiler/sc3.c b/sourcepawn/compiler/sc3.c
index 2ef2be5c..6018082f 100644
--- a/sourcepawn/compiler/sc3.c
+++ b/sourcepawn/compiler/sc3.c
@@ -1346,6 +1346,15 @@ static int hier13(value *lval)
 if ((array1 && array2) && (total1 && total2)) {
 markheap(MEMUSE_DYNAMIC, 0);
 }
+ /* If both sides are arrays, we should return the maximal as the lvalue.
+ * Otherwise we could buffer overflow and the compiler is too stupid.
+ * Literal strings have a constval == -(num_cells) so the cmp is flipped.
+ */
+ if (lval->ident==iARRAY && lval2.ident==iARRAY
+ && lval->constval < 0
+ && lval->constval > lval2.constval) {
+ *lval = lval2;
+ }
 if (lval->ident==iARRAY)
 lval->ident=iREFARRAY; /* iARRAY becomes iREFARRAY */
 else if (lval->ident!=iREFARRAY)
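Review bot: The added guard in hier13() only picks the larger operand when both sides are literal arrays, although its comment reads as if it covered every array pair. Because it requires `lval->constval < 0` together with `lval->constval > lval2.constval`, a declared (non-literal) array or an `iREFARRAY` operand on either side still returns the left-hand lvalue, so the undersized copy length described in the commit message may remain for those mixes; whether they can reach this point is not visible in the hunk. I would make the restriction explicit with `&& lval->constval < 0 && lval2.constval < 0` and reword the comment to `/* Only literal arrays are compared here (constval == -(num_cells)); other array operands keep the lhs size. */`. Note also that `*lval = lval2;` replaces the whole value rather than just the size, so it is worth confirming that the remaining fields of the two operands are interchangeable at this point. The body of hier13() starts and ends outside the hunk.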