Fix readFieldText not validating coordinates against screen bounds (#4)#7
Open
p0dalirius wants to merge 1 commit intomainfrom
Open
Fix readFieldText not validating coordinates against screen bounds (#4)#7p0dalirius wants to merge 1 commit intomainfrom
p0dalirius wants to merge 1 commit intomainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linked Issue
Closes #4
Root Cause
ScriptExecutor::readFieldText(row, col)forwarded the caller-supplied coordinates straight to the host'sScreenInterface::readFieldText, even though the neighbouring helperreadScreenText(row, col, length)already performs an equivalent bounds check (row < 0 || row >= m_screen->rows() || col < 0).EXPECT FIELD AT ...andEXTRACT $var FIELD AT ...therefore pushed negative or out-of-screen coordinates — including the-2, -2pair that results fromAT 0 0after the 1-based → 0-based conversion — across the library boundary, leaving behaviour entirely to the host implementation.Fix Description
Add the same style of bounds check that
readScreenTextalready uses, extended withcol >= m_screen->cols()(applicable here because this helper takes nolengthargument). When the coordinates are out of range, return an emptyQStringand do not dispatch to the screen. This is consistent with the existing "no field found" return contract documented onScreenInterface::readFieldTextand keeps the library defensive regardless of the host implementation's own robustness.How Verified
tests/test_script_executor_bounds.cpp::readFieldTextFiltersOutOfRangeCoordinates. The test installs aRecordingScreenScreenInterfacestub whosereadFieldTextrecords every(row, col)it is called with, then runs a script with fourEXTRACT $x FIELD AT ...lines (three out of range, one in range). It asserts that exactly one call reaches the screen and that the one call's coordinates match the in-range extract.if (false)and reran the test — it correctly failed with "Actual: 4, Expected: 1" at theQCOMPARE(screen.m_fieldCalls.size(), 1)assertion. Restoring the check made it pass again. This confirms the test exercises the bug, not a tautology.test_script_lexerandtest_script_parserboth still pass.Test Coverage
Added:
tests/test_script_executor_bounds.cpp::readFieldTextFiltersOutOfRangeCoordinates— uses a recordingScreenInterfacestub to observe that out-of-rangeEXTRACT FIELD AT/EXPECT FIELD ATcoordinates no longer reach the host screen. A newtest_script_executor_boundstest target is added toCMakeLists.txt.Scope of Change
src/script_executor.cpp,tests/test_script_executor_bounds.cpp(new),CMakeLists.txtRisk and Rollout
Local change. In-range queries behave exactly as before. Out-of-range queries that previously produced host-dependent behavior now consistently return an empty
QString, which theEXPECT FIELD CONTAINScomparison already handles correctly (returns false — the negated variant returns true — soNOTsemantics are preserved) andEXTRACT FIELDstores as an empty variable value.