From 417e9187d92eaa92e54bfb109adf816501ef9282 Mon Sep 17 00:00:00 2001
From: toasterbabe <rollerorbital@gmail.com>
Date: Thu, 14 Jul 2016 14:45:15 +0100
Subject: [PATCH] Realised the potential for out-of-bounds memory accessing, so
 put some limits in place to prevent that from happening.

(skin->availability is a UINT8, so it'll never be negative)
---
 src/r_things.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/r_things.c b/src/r_things.c
index 9a20432c1a..7cdd9d36a1 100644
--- a/src/r_things.c
+++ b/src/r_things.c
@@ -2639,7 +2639,9 @@ void R_AddSkins(UINT16 wadnum)
 			else if (!stricmp(stoken, "availability"))
 			{
 				skin->availability = atoi(value);
-				if (skin->availability && (skin->availability < MAXUNLOCKABLES))
+				if (skin->availability >= MAXUNLOCKABLES)
+					skin->availability = 0;
+				if (skin->availability)
 					STRBUFCPY(unlockables[skin->availability - 1].name, skin->realname);
 			}
 
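Review bot: The bound check at `if (skin->availability >= MAXUNLOCKABLES)` runs only after `atoi(value)` has been narrowed into the UINT8 field. A value read from the skin lump such as 257 therefore wraps to 1, passes the check, and renames the wrong unlockable instead of being rejected. Parse into a wider local and validate before storing, e.g. `long avail = strtol(value, NULL, 10);` followed by `skin->availability = (avail > 0 && avail < MAXUNLOCKABLES) ? (UINT8)avail : 0;`, which also avoids atoi's undefined behaviour on unrepresentable input. Separately, `< MAXUNLOCKABLES` combined with the `- 1` index means the last slot can never be selected if unlockables[] holds MAXUNLOCKABLES entries (its declaration is not visible here), so it is worth confirming the intended upper bound. R_AddSkins begins and ends outside this hunk.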
-- 
GitLab