Merge branch 'fix_esmtool_afl_findings' into 'master'

Assumeru · Assumeru · commit c06f94fee875 · 2025-11-16T13:18:27.000Z
Check index for ESM4 race parts

See merge request OpenMW/openmw!4987
diff --git a/components/esm4/loadrace.cpp b/components/esm4/loadrace.cpp
@@ -27,11 +27,23 @@
 #include "loadrace.hpp"
 
 #include <cstring>
+#include <format>
+#include <optional>
 #include <stdexcept>
 
 #include "reader.hpp"
 //#include "writer.hpp"
 
+namespace
+{
+    decltype(auto) at(auto& values, std::uint32_t index, std::string_view name, ESM4::Reader& reader)
+    {
+        if (index >= values.size())
+            reader.fail(std::format("{} index is out of range: {} >= {}", name, index, values.size()));
+        return values[index];
+    }
+}
+
 void ESM4::Race::load(ESM4::Reader& reader)
 {
     mId = reader.getFormIdFromHeader();
@@ -44,7 +56,7 @@ void ESM4::Race::load(ESM4::Reader& reader)
 
     bool isMale = false;
     int currPart = -1; // 0 = head, 1 = body, 2 = egt, 3 = hkx
-    std::uint32_t currentIndex = 0xffffffff;
+    std::optional<std::uint32_t> currentIndex;
 
     while (reader.getSubRecordHeader())
     {
@@ -293,12 +305,14 @@ void ESM4::Race::load(ESM4::Reader& reader)
                     mHeadPartIdsFemale.resize(5);
                 }
 
-                currentIndex = 0xffffffff;
+                currentIndex.reset();
                 break;
             }
             case ESM::fourCC("INDX"):
             {
-                reader.get(currentIndex);
+                std::uint32_t value = 0;
+                reader.get(value);
+                currentIndex = value;
                 // FIXME: below check is rather useless
                 // if (headpart)
                 //{
@@ -315,25 +329,26 @@ void ESM4::Race::load(ESM4::Reader& reader)
             }
             case ESM::fourCC("MODL"):
             {
-                if (currentIndex == 0xffffffff)
+                if (!currentIndex.has_value())
                 {
                     reader.skipSubRecordData();
                 }
                 else if (currPart == 0) // head part
                 {
                     if (isMale || isTES4)
-                        reader.getZString(mHeadParts[currentIndex].mesh);
+                        reader.getZString(at(mHeadParts, *currentIndex, "head parts", reader).mesh);
                     else
-                        reader.getZString(mHeadPartsFemale[currentIndex].mesh); // TODO: check TES4
+                        // TODO: check TES4
+                        reader.getZString(at(mHeadPartsFemale, *currentIndex, "head parts female", reader).mesh);
 
                     // TES5 keeps head part formid in mHeadPartIdsMale and mHeadPartIdsFemale
                 }
                 else if (currPart == 1) // body part
                 {
                     if (isMale)
-                        reader.getZString(mBodyPartsMale[currentIndex].mesh);
+                        reader.getZString(at(mBodyPartsMale, *currentIndex, "body parts male", reader).mesh);
                     else
-                        reader.getZString(mBodyPartsFemale[currentIndex].mesh);
+                        reader.getZString(at(mBodyPartsFemale, *currentIndex, "body parts female", reader).mesh);
 
                     // TES5 seems to have no body parts at all, instead keep EGT models
                 }
@@ -355,23 +370,24 @@ void ESM4::Race::load(ESM4::Reader& reader)
                 break; // always 0x0000?
             case ESM::fourCC("ICON"):
             {
-                if (currentIndex == 0xffffffff)
+                if (!currentIndex.has_value())
                 {
                     reader.skipSubRecordData();
                 }
                 else if (currPart == 0) // head part
                 {
                     if (isMale || isTES4)
-                        reader.getZString(mHeadParts[currentIndex].texture);
+                        reader.getZString(at(mHeadParts, *currentIndex, "head parts", reader).texture);
                     else
-                        reader.getZString(mHeadPartsFemale[currentIndex].texture); // TODO: check TES4
+                        // TODO: check TES4
+                        reader.getZString(at(mHeadPartsFemale, *currentIndex, "head parts female", reader).texture);
                 }
                 else if (currPart == 1) // body part
                 {
                     if (isMale)
-                        reader.getZString(mBodyPartsMale[currentIndex].texture);
+                        reader.getZString(at(mBodyPartsMale, *currentIndex, "body parts male", reader).texture);
                     else
-                        reader.getZString(mBodyPartsFemale[currentIndex].texture);
+                        reader.getZString(at(mBodyPartsFemale, *currentIndex, "body parts female", reader).texture);
                 }
                 else
                     reader.skipSubRecordData(); // FIXME TES5
@@ -402,7 +418,7 @@ void ESM4::Race::load(ESM4::Reader& reader)
                 if (isTES4)
                     currentIndex = 4; // FIXME: argonian tail mesh without preceeding INDX
                 else
-                    currentIndex = 0xffffffff;
+                    currentIndex.reset();
 
                 break;
             }
@@ -589,20 +605,20 @@ void ESM4::Race::load(ESM4::Reader& reader)
                 ESM::FormId formId;
                 reader.getFormId(formId);
 
-                if (currentIndex != 0xffffffff)
+                if (currentIndex.has_value())
                 {
                     // FIXME: no order? head, mouth, eyes, brow, hair
                     if (isMale)
                     {
                         if (currentIndex >= mHeadPartIdsMale.size())
-                            mHeadPartIdsMale.resize(currentIndex + 1);
-                        mHeadPartIdsMale[currentIndex] = formId;
+                            mHeadPartIdsMale.resize(*currentIndex + 1);
+                        mHeadPartIdsMale[*currentIndex] = formId;
                     }
                     else
                     {
                         if (currentIndex >= mHeadPartIdsFemale.size())
-                            mHeadPartIdsFemale.resize(currentIndex + 1);
-                        mHeadPartIdsFemale[currentIndex] = formId;
+                            mHeadPartIdsFemale.resize(*currentIndex + 1);
+                        mHeadPartIdsFemale[*currentIndex] = formId;
                     }
                 }
 

Original file line number	Diff line number	Diff line change
`@@ -27,11 +27,23 @@`
`27`	`27`	`#include "loadrace.hpp"`
`28`	`28`
`29`	`29`	`#include <cstring>`
	`30`	`+#include <format>`
	`31`	`+#include <optional>`
`30`	`32`	`#include <stdexcept>`
`31`	`33`
`32`	`34`	`#include "reader.hpp"`
`33`	`35`	`//#include "writer.hpp"`
`34`	`36`
	`37`	`+namespace`
	`38`	`+{`
	`39`	`+ decltype(auto) at(auto& values, std::uint32_t index, std::string_view name, ESM4::Reader& reader)`
	`40`	`+ {`
	`41`	`+ if (index >= values.size())`
	`42`	`+ reader.fail(std::format("{} index is out of range: {} >= {}", name, index, values.size()));`
	`43`	`+ return values[index];`
	`44`	`+ }`
	`45`	`+}`
	`46`	`+`
`35`	`47`	`void ESM4::Race::load(ESM4::Reader& reader)`
`36`	`48`	`{`
`37`	`49`	`mId = reader.getFormIdFromHeader();`
`@@ -44,7 +56,7 @@ void ESM4::Race::load(ESM4::Reader& reader)`
`44`	`56`
`45`	`57`	`bool isMale = false;`
`46`	`58`	`int currPart = -1; // 0 = head, 1 = body, 2 = egt, 3 = hkx`
`47`		`- std::uint32_t currentIndex = 0xffffffff;`
	`59`	`+ std::optional<std::uint32_t> currentIndex;`
`48`	`60`
`49`	`61`	`while (reader.getSubRecordHeader())`
`50`	`62`	`{`
`@@ -293,12 +305,14 @@ void ESM4::Race::load(ESM4::Reader& reader)`
`293`	`305`	`mHeadPartIdsFemale.resize(5);`
`294`	`306`	`}`
`295`	`307`
`296`		`- currentIndex = 0xffffffff;`
	`308`	`+ currentIndex.reset();`
`297`	`309`	`break;`
`298`	`310`	`}`
`299`	`311`	`case ESM::fourCC("INDX"):`
`300`	`312`	`{`
`301`		`- reader.get(currentIndex);`
	`313`	`+ std::uint32_t value = 0;`
	`314`	`+ reader.get(value);`
	`315`	`+ currentIndex = value;`
`302`	`316`	`// FIXME: below check is rather useless`
`303`	`317`	`// if (headpart)`
`304`	`318`	`//{`
`@@ -315,25 +329,26 @@ void ESM4::Race::load(ESM4::Reader& reader)`
`315`	`329`	`}`
`316`	`330`	`case ESM::fourCC("MODL"):`
`317`	`331`	`{`
`318`		`- if (currentIndex == 0xffffffff)`
	`332`	`+ if (!currentIndex.has_value())`
`319`	`333`	`{`
`320`	`334`	`reader.skipSubRecordData();`
`321`	`335`	`}`
`322`	`336`	`else if (currPart == 0) // head part`
`323`	`337`	`{`
`324`	`338`	`if (isMale \|\| isTES4)`
`325`		`- reader.getZString(mHeadParts[currentIndex].mesh);`
	`339`	`+ reader.getZString(at(mHeadParts, *currentIndex, "head parts", reader).mesh);`
`326`	`340`	`else`
`327`		`- reader.getZString(mHeadPartsFemale[currentIndex].mesh); // TODO: check TES4`
	`341`	`+ // TODO: check TES4`
	`342`	`+ reader.getZString(at(mHeadPartsFemale, *currentIndex, "head parts female", reader).mesh);`
`328`	`343`
`329`	`344`	`// TES5 keeps head part formid in mHeadPartIdsMale and mHeadPartIdsFemale`
`330`	`345`	`}`
`331`	`346`	`else if (currPart == 1) // body part`
`332`	`347`	`{`
`333`	`348`	`if (isMale)`
`334`		`- reader.getZString(mBodyPartsMale[currentIndex].mesh);`
	`349`	`+ reader.getZString(at(mBodyPartsMale, *currentIndex, "body parts male", reader).mesh);`
`335`	`350`	`else`
`336`		`- reader.getZString(mBodyPartsFemale[currentIndex].mesh);`
	`351`	`+ reader.getZString(at(mBodyPartsFemale, *currentIndex, "body parts female", reader).mesh);`
`337`	`352`
`338`	`353`	`// TES5 seems to have no body parts at all, instead keep EGT models`
`339`	`354`	`}`
`@@ -355,23 +370,24 @@ void ESM4::Race::load(ESM4::Reader& reader)`
`355`	`370`	`break; // always 0x0000?`
`356`	`371`	`case ESM::fourCC("ICON"):`
`357`	`372`	`{`
`358`		`- if (currentIndex == 0xffffffff)`
	`373`	`+ if (!currentIndex.has_value())`
`359`	`374`	`{`
`360`	`375`	`reader.skipSubRecordData();`
`361`	`376`	`}`
`362`	`377`	`else if (currPart == 0) // head part`
`363`	`378`	`{`
`364`	`379`	`if (isMale \|\| isTES4)`
`365`		`- reader.getZString(mHeadParts[currentIndex].texture);`
	`380`	`+ reader.getZString(at(mHeadParts, *currentIndex, "head parts", reader).texture);`
`366`	`381`	`else`
`367`		`- reader.getZString(mHeadPartsFemale[currentIndex].texture); // TODO: check TES4`
	`382`	`+ // TODO: check TES4`
	`383`	`+ reader.getZString(at(mHeadPartsFemale, *currentIndex, "head parts female", reader).texture);`
`368`	`384`	`}`
`369`	`385`	`else if (currPart == 1) // body part`
`370`	`386`	`{`
`371`	`387`	`if (isMale)`
`372`		`- reader.getZString(mBodyPartsMale[currentIndex].texture);`
	`388`	`+ reader.getZString(at(mBodyPartsMale, *currentIndex, "body parts male", reader).texture);`
`373`	`389`	`else`
`374`		`- reader.getZString(mBodyPartsFemale[currentIndex].texture);`
	`390`	`+ reader.getZString(at(mBodyPartsFemale, *currentIndex, "body parts female", reader).texture);`
`375`	`391`	`}`
`376`	`392`	`else`
`377`	`393`	`reader.skipSubRecordData(); // FIXME TES5`
`@@ -402,7 +418,7 @@ void ESM4::Race::load(ESM4::Reader& reader)`
`402`	`418`	`if (isTES4)`
`403`	`419`	`currentIndex = 4; // FIXME: argonian tail mesh without preceeding INDX`
`404`	`420`	`else`
`405`		`- currentIndex = 0xffffffff;`
	`421`	`+ currentIndex.reset();`
`406`	`422`
`407`	`423`	`break;`
`408`	`424`	`}`
`@@ -589,20 +605,20 @@ void ESM4::Race::load(ESM4::Reader& reader)`
`589`	`605`	`ESM::FormId formId;`
`590`	`606`	`reader.getFormId(formId);`
`591`	`607`
`592`		`- if (currentIndex != 0xffffffff)`
	`608`	`+ if (currentIndex.has_value())`
`593`	`609`	`{`
`594`	`610`	`// FIXME: no order? head, mouth, eyes, brow, hair`
`595`	`611`	`if (isMale)`
`596`	`612`	`{`
`597`	`613`	`if (currentIndex >= mHeadPartIdsMale.size())`
`598`		`- mHeadPartIdsMale.resize(currentIndex + 1);`
`599`		`- mHeadPartIdsMale[currentIndex] = formId;`
	`614`	`+ mHeadPartIdsMale.resize(*currentIndex + 1);`
	`615`	`+ mHeadPartIdsMale[*currentIndex] = formId;`
`600`	`616`	`}`
`601`	`617`	`else`
`602`	`618`	`{`
`603`	`619`	`if (currentIndex >= mHeadPartIdsFemale.size())`
`604`		`- mHeadPartIdsFemale.resize(currentIndex + 1);`
`605`		`- mHeadPartIdsFemale[currentIndex] = formId;`
	`620`	`+ mHeadPartIdsFemale.resize(*currentIndex + 1);`
	`621`	`+ mHeadPartIdsFemale[*currentIndex] = formId;`
`606`	`622`	`}`
`607`	`623`	`}`
`608`	`624`