Mirrorlandia_minetest/minetest
1
0
Fork 1
mirror of https://github.com/minetest/minetest.git synced 2024-11-27 10:03:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

network: Fix crash in ReliablePacketBuffer on mismatching packets

Browse Source 
In the error condition the exception would be thrown before m_list_size
is decremented, causing a nullptr dereference in e.g. popFirst().
This commit is contained in:
sfan5 2019-08-15 17:17:17 +02:00
parent 082066e813
commit c4491165da
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/network/connection.cpp
View File

@ -322,6 +322,10 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
} }
if (s == seqnum) { if (s == seqnum) {
/* nothing to do this seems to be a resent packet */
/* for paranoia reason data should be compared */
--m_list_size;
if ( if (
(readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) || (readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) ||
(i->data.getSize() != p.data.getSize()) || (i->data.getSize() != p.data.getSize()) ||
@ -340,10 +344,6 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
p.address.serializeString().c_str()); p.address.serializeString().c_str());
throw IncomingDataCorruption("duplicated packet isn't same as original one"); throw IncomingDataCorruption("duplicated packet isn't same as original one");
} }
/* nothing to do this seems to be a resent packet */
/* for paranoia reason data should be compared */
--m_list_size;
} }
/* insert or push back */ /* insert or push back */
else if (i != m_list.end()) { else if (i != m_list.end()) {