From 5fd107a95c7a763d3fe7a84d433b8bc7de1dac69 Mon Sep 17 00:00:00 2001
From: cc9cii
Date: Wed, 27 May 2015 10:19:26 +1000
Subject: [PATCH] Fix crash with array out of bounds when refNum index is incorrect.
---
 components/esm/loadcell.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/components/esm/loadcell.cpp b/components/esm/loadcell.cpp
index 0f8897c48..94f4b0b6e 100644
--- a/components/esm/loadcell.cpp
+++ b/components/esm/loadcell.cpp
@@ -18,9 +18,11 @@ namespace
 ///< Translate 8bit/24bit code (stored in refNum.mIndex) into a proper refNum
 void adjustRefNum (ESM::RefNum& refNum, ESM::ESMReader& reader)
 {
- int local = (refNum.mIndex & 0xff000000) >> 24;
+ unsigned int local = (refNum.mIndex & 0xff000000) >> 24;
 
- if (local)
+ // If we have an index value that does not make sense, assume that it was an addition
+ // by the present plugin (but a faulty one)
+ if (local && local <= reader.getGameFiles().size())
 {
 // If the most significant 8 bits are used, then this reference already exists.
 // In this case, do not spawn a new reference, but overwrite the old one.
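Review bot: The new bound `local <= reader.getGameFiles().size()` is only correct if the lookup that follows indexes with `local - 1`. That access lies outside this hunk (adjustRefNum's body continues past it), so the off-by-one cannot be confirmed from here. A comment next to the guard would pin the contract, for example `// local is 1-based: valid values are 1..getGameFiles().size()`. The out-of-range case is also handled silently: a refNum whose top byte names a master that does not exist is presumably re-attributed to the current plugin with no diagnostic, which makes a corrupt or hand-edited plugin file hard to notice. Consider emitting a warning that names the offending index on that path, and confirm whether the stale top 8 bits should be left in `refNum.mIndex` when the fallback is taken.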