Unsafe casting in Add_Entry
xezon opened this issue · 0 comments
int Add_Entry(Utf16String *string, int color, int row, int column, GameWindow *list_box, bool overwrite)
{
_ListboxData *data = static_cast<_ListboxData *>(list_box->Win_Get_User_Data());
if (column < data->m_columns && row < data->m_listLength) {
if (row == -1) {
row = data->m_insertPos++;
data->m_endPos++;
}
if (column == -1) {
column = 0;
}
int wrap = data->m_columnWidth[column] - 7;
int adjust = 0;
_ListEntryRow *list_row = &data->m_listData[row];
if (list_row->m_cell != nullptr) {
if (!overwrite) {
Move_Rows_Down(data, row);
list_row->m_cell = new _ListEntryCell[data->m_columns];
memset(list_row->m_cell, 0, sizeof(_ListEntryCell) * data->m_columns);
adjust = 1;
}
} else {
list_row->m_cell = new _ListEntryCell[data->m_columns];
memset(list_row->m_cell, 0, sizeof(_ListEntryCell) * data->m_columns);
adjust = 1;
}
list_row->m_cell[column].m_cellType = LISTBOX_TEXT;
list_row->m_cell[column].m_textColor = color;
if (list_row->m_cell[column].m_data == nullptr) {
list_row->m_cell[column].m_data = g_theDisplayStringManager->New_Display_String();
}
DisplayString *text = static_cast<DisplayString *>(list_row->m_cell[column].m_data);
This function allocates a DisplayString for list_row->m_cell[column].m_data if it is null. If it is not null, however, is there any guarantee that list_row->m_cell[column].m_data actually points to a DisplayString?
What if the cell was a LISTBOX_IMAGE before, so that m_data is not a DisplayString? The static_cast performs no runtime check, so the object would then be used as a DisplayString regardless of its real type.
To be safe, the following check is needed beforehand:
// Proposed guard: when the cell already holds data and is tagged LISTBOX_TEXT,
// hand the existing DisplayString back to g_theDisplayStringManager and clear
// m_data, so the later `m_data == nullptr` test in Add_Entry allocates a fresh
// DisplayString before the static_cast.
// NOTE(review): the m_cellType test is only meaningful if this runs before
// Add_Entry assigns `m_cellType = LISTBOX_TEXT`; after that assignment the
// condition is true for any non-null m_data, whatever it points to.
// NOTE(review): a non-null m_data on a cell of another type (e.g. a former
// LISTBOX_IMAGE) is left untouched by this block and would still reach the
// static_cast to DisplayString. How such data is owned is not shown here, so
// whether it must be released or only cleared needs to be confirmed.
if (list_row->m_cell[column].m_data != nullptr && list_row->m_cell[column].m_cellType == LISTBOX_TEXT) {
// Free through the manager, the same object that creates display strings in Add_Entry.
g_theDisplayStringManager->Free_Display_String(static_cast<DisplayString *>(list_row->m_cell[column].m_data));
// Reset so no stale pointer to the freed string remains in the cell.
list_row->m_cell[column].m_data = nullptr;
}