From 4b660a87d86cc4db00b562b82759adf1a88d4e20 Mon Sep 17 00:00:00 2001 From: Haoyu Qiu Date: Sun, 5 Jan 2020 11:08:24 +0800 Subject: [PATCH] Fixes crash for bad property of PackedScene --- scene/resources/packed_scene.cpp | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/scene/resources/packed_scene.cpp b/scene/resources/packed_scene.cpp index 5a2cd9a1c2b..14e024a4965 100644 --- a/scene/resources/packed_scene.cpp +++ b/scene/resources/packed_scene.cpp @@ -1097,6 +1097,14 @@ void SceneState::set_bundled_scene(const Dictionary &p_dictionary) { ERR_FAIL_COND_MSG(version > PACK_VERSION, "Save format version too new."); + const int node_count = p_dictionary["node_count"]; + const PoolVector snodes = p_dictionary["nodes"]; + ERR_FAIL_COND(snodes.size() != node_count); + + const int conn_count = p_dictionary["conn_count"]; + const PoolVector sconns = p_dictionary["conns"]; + ERR_FAIL_COND(sconns.size() != conn_count); + PoolVector snames = p_dictionary["names"]; if (snames.size()) { @@ -1121,13 +1129,11 @@ void SceneState::set_bundled_scene(const Dictionary &p_dictionary) { variants.clear(); } - nodes.resize(p_dictionary["node_count"]); - int nc = nodes.size(); - if (nc) { - PoolVector snodes = p_dictionary["nodes"]; + nodes.resize(node_count); + if (node_count) { PoolVector::Read r = snodes.read(); int idx = 0; - for (int i = 0; i < nc; i++) { + for (int i = 0; i < node_count; i++) { NodeData &nd = nodes.write[i]; nd.parent = r[idx++]; nd.owner = r[idx++]; @@ -1151,15 +1157,11 @@ void SceneState::set_bundled_scene(const Dictionary &p_dictionary) { } } - connections.resize(p_dictionary["conn_count"]); - int cc = connections.size(); - - if (cc) { - - PoolVector sconns = p_dictionary["conns"]; + connections.resize(conn_count); + if (conn_count) { PoolVector::Read r = sconns.read(); int idx = 0; - for (int i = 0; i < cc; i++) { + for (int i = 0; i < conn_count; i++) { ConnectionData &cd = connections.write[i]; cd.from = r[idx++]; cd.to = r[idx++];