From 6761e213836e902359c5d0acff277623dc3e1588 Mon Sep 17 00:00:00 2001 From: Ekdohibs Date: Fri, 25 Aug 2017 13:06:59 +0200 Subject: Translations: prevent remote crash with invalid translations --- src/util/string.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/util/string.cpp b/src/util/string.cpp index 6335aeafe..bb2d2f6a7 100644 --- a/src/util/string.cpp +++ b/src/util/string.cpp @@ -866,7 +866,12 @@ void translate_string(const std::wstring &s, const std::wstring &textdomain, // Here we have an argument; get its index and add the translated argument to the output. int arg_index = toutput[j] - L'1'; ++j; - result << args[arg_index]; + if (0 <= arg_index && (size_t)arg_index < args.size()) { + result << args[arg_index]; + } else { + // This is not allowed: show an error message + errorstream << "Ignoring out-of-bounds argument escape sequence in translation" << std::endl; + } } res = result.str(); } -- cgit v1.2.3