samp-plugin-timerfix icon indicating copy to clipboard operation
samp-plugin-timerfix copied to clipboard

Published 20 hours ago verified publisher icon udan11

Array lengths not checked in any way

Open Y-Less opened this issue 7 years ago • 1 comments

Arrays should be followed by a length, which should be specified by i. However, nothing in the code checks that the correct specifier is used, if one is used at all:

SetTimerEx("Func", 1000, 0, "af", array, unrelatedFloat); // Probably a stupid size as an int.
SetTimerEx("Func", 1000, 0, "a", array); // Not even enough parameters.
SetTimerEx("Func", 1000, 0, "aai", array, array, 4); // Second array is somehow first array's size.
SetTimerEx("Func", 1000, 0, "ai", array, -1); // -1 given straight to "malloc" with no sanity checks.
SetTimerEx("Func", 1000, 0, "ai", array, cellmax); // Same, try allocate 8Gb.

Y-Less avatar Jul 19 '17 12:07 Y-Less

What is the maximum array size can be passed?

ziggi avatar Aug 18 '18 07:08 ziggi