From e5f5b995843af5bd5a66eb556c18b0dbc48e300e Mon Sep 17 00:00:00 2001
From: Eric Wasylishen <ewasylishen@gmail.com>
Date: Wed, 2 Nov 2016 16:52:12 -0600
Subject: [PATCH] qbsp: bounds check some array accesses

---
 qbsp/brush.cc     |  2 +-
 qbsp/bspfile.cc   |  6 +++---
 qbsp/exportobj.cc |  2 +-
 qbsp/map.cc       |  6 +++---
 qbsp/outside.cc   |  2 +-
 qbsp/surfaces.cc  |  2 +-
 qbsp/wad.cc       | 11 +++++------
 qbsp/writebsp.cc  |  2 +-
 8 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/qbsp/brush.cc b/qbsp/brush.cc
index d0da2fe7..6afe9c8c 100644
--- a/qbsp/brush.cc
+++ b/qbsp/brush.cc
@@ -762,7 +762,7 @@ Brush_GetContents(const mapbrush_t *mapbrush)
     const char *texname;
     const mapface_t &mapface = mapbrush->face(0);
     const mtexinfo_t &texinfo = map.mtexinfos.at(mapface.texinfo);
-    texname = map.miptex[texinfo.miptex].c_str();
+    texname = map.miptex.at(texinfo.miptex).c_str();
 
     if (!Q_strcasecmp(texname, "hint") || !Q_strcasecmp(texname, "hintskip"))
         return CONTENTS_HINT;
diff --git a/qbsp/bspfile.cc b/qbsp/bspfile.cc
index 4abd46a0..dde2faf7 100644
--- a/qbsp/bspfile.cc
+++ b/qbsp/bspfile.cc
@@ -139,7 +139,7 @@ AddLump(FILE *f, int Type)
     lump->fileofs = ftell(f);
 
     for (i = 0; i < map.numentities(); i++) {
-        entity = &map.entities[i];
+        entity = &map.entities.at(i);
         entities = &entity->lumps[Type];
         if (entities->data) {
             if (Type == LUMP_MODELS && !options.hexen2) {
@@ -200,7 +200,7 @@ GenLump(const char *bspxlump, int Type, size_t sz)
     char *out;
 
     for (i = 0; i < map.numentities(); i++) {
-        entity = &map.entities[i];
+        entity = &map.entities.at(i);
         entities = &entity->lumps[Type];
         cLen += entities->count*sz; 
     }
@@ -209,7 +209,7 @@ GenLump(const char *bspxlump, int Type, size_t sz)
     out = (char *)malloc(cLen);
     cLen = 0;
     for (i = 0; i < map.numentities(); i++) {
-        entity = &map.entities[i];
+        entity = &map.entities.at(i);
         entities = &entity->lumps[Type];
         memcpy(out+cLen, entities->data, entities->count*sz);
         cLen += entities->count*sz;
diff --git a/qbsp/exportobj.cc b/qbsp/exportobj.cc
index 9c0b7860..53f1d507 100644
--- a/qbsp/exportobj.cc
+++ b/qbsp/exportobj.cc
@@ -46,7 +46,7 @@ static void
 ExportObjFace(FILE *f, const face_t *face, int *vertcount)
 {
     const mtexinfo_t &texinfo = map.mtexinfos.at(face->texinfo);
-    const char *texname = map.miptex[texinfo.miptex].c_str();
+    const char *texname = map.miptex.at(texinfo.miptex).c_str();
     
     const texture_t *texture = WADList_GetTexture(texname);
     const int width = texture ? texture->width : 64;
diff --git a/qbsp/map.cc b/qbsp/map.cc
index 1bfd2038..85961378 100644
--- a/qbsp/map.cc
+++ b/qbsp/map.cc
@@ -76,7 +76,7 @@ AddAnimTex(const char *name)
     for (i = 0; i < frame; i++) {
         framename[1] = basechar + i;
         for (j = 0; j < map.nummiptex(); j++) {
-            if (!Q_strcasecmp(framename, map.miptex[j].c_str()))
+            if (!Q_strcasecmp(framename, map.miptex.at(j).c_str()))
                 break;
         }
         if (j < map.nummiptex())
@@ -98,7 +98,7 @@ FindMiptex(const char *name)
         name = pathsep + 1;
 
     for (i = 0; i < map.nummiptex(); i++) {
-        if (!Q_strcasecmp(name, map.miptex[i].c_str()))
+        if (!Q_strcasecmp(name, map.miptex.at(i).c_str()))
             return i;
     }
 
@@ -198,7 +198,7 @@ int
 FindTexinfoEnt(mtexinfo_t *texinfo, const mapentity_t *entity)
 {
     uint64_t flags = 0;
-    const char *texname = map.miptex[texinfo->miptex].c_str();
+    const char *texname = map.miptex.at(texinfo->miptex).c_str();
     if (IsSkipName(texname))
         flags |= TEX_SKIP;
     if (IsHintName(texname))
diff --git a/qbsp/outside.cc b/qbsp/outside.cc
index 645ae81d..eb32b493 100644
--- a/qbsp/outside.cc
+++ b/qbsp/outside.cc
@@ -364,7 +364,7 @@ FindLeaks_r(leakstate_t *leak, const int fillmark, node_t *node)
         return false;
 
     if (node->occupied) {
-        leak->entity = &map.entities[node->occupied];
+        leak->entity = &map.entities.at(node->occupied);
         leak->node = node;
         leak->backdraw = 4000;
         return true;
diff --git a/qbsp/surfaces.cc b/qbsp/surfaces.cc
index 10a83595..28d2b23a 100644
--- a/qbsp/surfaces.cc
+++ b/qbsp/surfaces.cc
@@ -598,7 +598,7 @@ MakeFaceEdges(mapentity_t *entity, node_t *headnode)
     cStartEdge = 0;
     const int entnum = entity - &map.entities.at(0);
     for (i = 0; i < entnum; i++)
-        cStartEdge += map.entities[i].lumps[LUMP_EDGES].count;
+        cStartEdge += map.entities.at(i).lumps[LUMP_EDGES].count;
 
     CountData_r(entity, headnode);
 
diff --git a/qbsp/wad.cc b/qbsp/wad.cc
index d4d3d7ec..55e5557a 100644
--- a/qbsp/wad.cc
+++ b/qbsp/wad.cc
@@ -190,7 +190,7 @@ WADList_Process(const wad_t *wadlist)
 
     /* Count texture size.  Slower, but saves memory. */
     for (i = 0; i < map.nummiptex(); i++) {
-        texture = WADList_FindTexture(wadlist, map.miptex[i].c_str());
+        texture = WADList_FindTexture(wadlist, map.miptex.at(i).c_str());
         if (texture) {
             if (options.fNoTextures)
                 texdata->count += sizeof(dmiptex_t);
@@ -210,7 +210,7 @@ WADList_Process(const wad_t *wadlist)
     for (i = 0; i < map.nummiptex(); i++) {
         if (miptexlump->dataofs[i] == 0) {
             miptexlump->dataofs[i] = -1;
-            Message(msgWarning, warnTextureNotFound, map.miptex[i].c_str());
+            Message(msgWarning, warnTextureNotFound, map.miptex.at(i).c_str());
         }
     }
 }
@@ -230,7 +230,7 @@ WADList_LoadTextures(const wad_t *wadlist, dmiptexlump_t *lump)
             continue;
         size = 0;
         for (wad = wadlist; wad; wad = wad->next) {
-            size = WAD_LoadLump(wad, map.miptex[i].c_str(), data);
+            size = WAD_LoadLump(wad, map.miptex.at(i).c_str(), data);
             if (size)
                 break;
         }
@@ -276,14 +276,13 @@ static void
 WADList_AddAnimationFrames(const wad_t *wadlist)
 {
     int oldcount, i, j;
-    miptex_t name;
 
     oldcount = map.nummiptex();
 
     for (i = 0; i < oldcount; i++) {
-        if (map.miptex[i][0] != '+')
+        if (map.miptex.at(i)[0] != '+')
             continue;
-        name = map.miptex[i];
+        std::string name = map.miptex.at(i);
 
         /* Search for all animations (0-9) and alt-animations (A-J) */
         for (j = 0; j < 20; j++) {
diff --git a/qbsp/writebsp.cc b/qbsp/writebsp.cc
index 752045a5..35457ae0 100644
--- a/qbsp/writebsp.cc
+++ b/qbsp/writebsp.cc
@@ -224,7 +224,7 @@ ExportClipNodes(mapentity_t *entity, node_t *nodes, const int hullnum)
     /* Count nodes before this one */
     const int entnum = entity - &map.entities.at(0);
     for (i = 0; i < entnum; i++)
-        clipcount += map.entities[i].lumps[LUMP_CLIPNODES].count;
+        clipcount += map.entities.at(i).lumps[LUMP_CLIPNODES].count;
     model->headnode[hullnum] = clipcount + oldcount;
 
     CountClipNodes_r(entity, nodes);