JASS Tools
News
Download
Help
JASS Manual
-------------------------------------------------------------

Type casting

Type casting is possible in JASS by making use of what is called the return bug.

The return bug

Note: The return bug described in this page could be used to inject arbitrary code into warcraft III maps. Blizzard have removed this bug after of this security vulnerability. And added the hashtable type to the API as a semi-replacement. This page is left as a legacy record and is no longer useful.

Warcraft 3's JASS compiler and the world editor's parser allow return values different from the last return value of a function to be of any type no matter the return type it is supposed to return.

A classic example of the return bug is the following:

function H2I takes handle h returns integer
    return h
    return 0
endfunction

As you should note, the return value of the function is integer, last return statement returns 0, but actually, the only return value the function will consider is return h , it will return the handle argument it just took.

This function will take a handle argument and return an integer that is the pointer to that handle.

function I2H takes integer i returns handle
    return i
    return null
endfunction

This function will do the opposite it will take an integer and return the handle that is at the memory position the integer is pointing. It is also possible to type cast a handle value into a value of a handle descendant type:

function Handle2Unit takes handle h returns unit
    return h
endfunction

Note that in this case, an extra return statement is not required.

As for the handle type, you can retrieve a handle descendant type value from an integer.

function I2Item takes integer i returns item
    return i
    return null
endfunction

You can also type cast between different handle derived types, even if they don't share the same descendace tree.

function Unit2Item takes unit u returns item
    return u
    return null
endfunction

There is no logic for doing this unless you want to save a value of certain handle derived type in a variable of another handle derived type. Doing this for the arguments of native functions is the same as giving them null values.

Type casting also works between native types, with some considerations.

function Real2Int takes real r returns integer
    return r
    return 0
endfunction

If you are familiar with JAVA, you would assume this opperation will trunc the real, but that's not the case. The return value is different from the argument, and you can retrieve the real back with the inverse of this function, but it will crash if you give it a wron value.

function String2Int takes string s returns integer
    return s
    return 0
endfunction

Will return the pointer to the given string. Be careful with this operation, it seems that strings are recycled when they are no longer used by variables, and it won't consider typecasted integers. The inverse function will crash if you give it a wrong value.

Type casting between boolean and integer, will represent 1 for true and 0 for false,

Also, consider that the function that performs the type casting does not have to follow the patern of the functions stated here to work. The only thing required is the return value bug abuse.

For example:

function GetArrayMemberAsUnit takes integer i returns unit
    return udg_IntegerArray[i]
    return null
endfunction

function GetDyingDestructable takes nothing returns destructable
    return GetTriggerWidget()
endfunction

Also take advantage of the return bug. As a matter of fact GetDyingDestructable is a function from blizzard.j.

------------------------------------------------------------
Copyright (c) 2003 Jeff Pang
Not affiliated or endorsed by Blizzard Entertainment
SourceForge.net Logo