
Fix segfault when sending a very large net chat message.

This crash occurred on the receiving machine, making it effectively a
remote crash attack.

Reported by: Riddler66
Based on a patch by: elexis
Fixes #5726

Differential Revision: https://code.wildfiregames.com/D2629
This was SVN commit r23918.
wraitii
2020-08-01 15:25:13 +00:00
parent 5473393e30
commit 21cdcf44bc
2 changed files with 7 additions and 2 deletions
+5 -1
@@ -1,4 +1,4 @@
/* Copyright (C) 2019 Wildfire Games.
/* Copyright (C) 2020 Wildfire Games.
* This file is part of 0 A.D.
*
* 0 A.D. is free software: you can redistribute it and/or modify
@@ -467,6 +467,8 @@ u8* CStrW::Serialize(u8* buffer) const
const u8* CStrW::Deserialize(const u8* buffer, const u8* bufferend)
{
ENSURE(buffer);
ENSURE(bufferend);
const u16 *strend = (const u16 *)buffer;
while ((const u8 *)strend < bufferend && *strend) strend++;
if ((const u8 *)strend >= bufferend) return NULL;
@@ -507,6 +509,8 @@ u8* CStr8::Serialize(u8* buffer) const
const u8* CStr8::Deserialize(const u8* buffer, const u8* bufferend)
{
ENSURE(buffer);
ENSURE(bufferend);
u32 len;
Deserialize_int_4(buffer, len);
if (buffer + len > bufferend)
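Review bot: The added `ENSURE` calls in `CStr8::Deserialize` only reject null pointers; the length check after them, `if (buffer + len > bufferend)`, still adds a `len` read from the message to the pointer before comparing, which is undefined once the sum passes the end of the buffer and can wrap on a 32-bit build. Comparing against the bytes that remain avoids the pointer arithmetic, `if (len > static_cast<size_t>(bufferend - buffer))`, provided `buffer` is known not to be past `bufferend` at that point. Nothing visible here confirms that four bytes are available before `Deserialize_int_4` reads the length, so a `bufferend - buffer < 4` guard ahead of it looks worth adding unless that helper already checks. The `while` loop in `CStrW::Deserialize` has a similar edge: it dereferences a `u16` through `strend` when only one byte may remain before `bufferend`. Both function bodies continue outside their hunks.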