Guard UAD action index lookups

203Null · 203Null · commit faa23559d0b2 · 2026-04-07T20:14:29.000-04:00
Add bounds checks before reading action and effect signatures from the UAD lookup lists.

- reject out-of-range action indexes before indexing actionList
- reject out-of-range effect indexes before indexing effectList
- fail with explicit logs instead of risking undefined behavior on malformed UAD data
diff --git a/Applications/CustomControlMap/Actions/Actions.cpp b/Applications/CustomControlMap/Actions/Actions.cpp
@@ -34,11 +34,21 @@ bool UADRuntime::ExecuteAction(ActionInfo* actionInfo, cb0r_t actionData, Action
 
     if(actionInfo->actionType == ActionType::ACTION)
     {
+        if (action_index.value >= actionList.size())
+        {
+            MLOGE(TAG, "Action index out of range: %d (size=%d)", action_index.value, actionList.size());
+            return false;
+        }
         action_signature = actionList[action_index.value];
         MLOGV(TAG, "Executing action - %d", action_signature);
     }
     else if(actionInfo->actionType == ActionType::EFFECT)
     {
+        if (action_index.value >= effectList.size())
+        {
+            MLOGE(TAG, "Effect index out of range: %d (size=%d)", action_index.value, effectList.size());
+            return false;
+        }
         action_signature = effectList[action_index.value];
         MLOGV(TAG, "Executing effect - %d", action_signature);
     }
@@ -75,4 +85,4 @@ bool UADRuntime::ExecuteAction(ActionInfo* actionInfo, cb0r_t actionData, Action
         }
     }
     return false;
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -34,11 +34,21 @@ bool UADRuntime::ExecuteAction(ActionInfo* actionInfo, cb0r_t actionData, Action`
`34`	`34`
`35`	`35`	`if(actionInfo->actionType == ActionType::ACTION)`
`36`	`36`	`{`
	`37`	`+ if (action_index.value >= actionList.size())`
	`38`	`+ {`
	`39`	`+ MLOGE(TAG, "Action index out of range: %d (size=%d)", action_index.value, actionList.size());`
	`40`	`+ return false;`
	`41`	`+ }`
`37`	`42`	`action_signature = actionList[action_index.value];`
`38`	`43`	`MLOGV(TAG, "Executing action - %d", action_signature);`
`39`	`44`	`}`
`40`	`45`	`else if(actionInfo->actionType == ActionType::EFFECT)`
`41`	`46`	`{`
	`47`	`+ if (action_index.value >= effectList.size())`
	`48`	`+ {`
	`49`	`+ MLOGE(TAG, "Effect index out of range: %d (size=%d)", action_index.value, effectList.size());`
	`50`	`+ return false;`
	`51`	`+ }`
`42`	`52`	`action_signature = effectList[action_index.value];`
`43`	`53`	`MLOGV(TAG, "Executing effect - %d", action_signature);`
`44`	`54`	`}`
`@@ -75,4 +85,4 @@ bool UADRuntime::ExecuteAction(ActionInfo* actionInfo, cb0r_t actionData, Action`
`75`	`85`	`}`
`76`	`86`	`}`
`77`	`87`	`return false;`
`78`		`-}`
	`88`	`+}`