From 46f140710a7c80e508ab98735078b848bde6732e Mon Sep 17 00:00:00 2001 From: Daniel Buckmaster Date: Tue, 20 Nov 2012 08:18:14 +1100 Subject: [PATCH] Prevented looking up incorrect object handles. Previously, dAtoi would be called on arbitrary strings delimited only by the / character. Now, Sim::findObject actually checks that object handles (strings starting with a digit) actually only contain digits or slashes. --- Engine/source/console/simManager.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Engine/source/console/simManager.cpp b/Engine/source/console/simManager.cpp index 0f00d1e33..2347219aa 100644 --- a/Engine/source/console/simManager.cpp +++ b/Engine/source/console/simManager.cpp @@ -367,6 +367,8 @@ SimObject* findObject(const char* name) return NULL; return obj->findObject(temp); } + else if (c < '0' || c > '9') + return NULL; } } S32 len;