Fix segfault when sending a very large net chat message.
This crash occured on the receiver machine, making it effectively a remote crash attack. Reported by: Riddler66 Based on a patch by: elexis Fixes #5726 Differential Revision: https://code.wildfiregames.com/D2629 This was SVN commit r23918.
This commit is contained in:
parent
5473393e30
commit
21cdcf44bc
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2015 Wildfire Games.
|
||||
/* Copyright (C) 2020 Wildfire Games.
|
||||
* This file is part of 0 A.D.
|
||||
*
|
||||
* 0 A.D. is free software: you can redistribute it and/or modify
|
||||
@ -221,6 +221,7 @@ u8 *_nm::Serialize(u8 *buffer) const \
|
||||
const u8 *_nm::Deserialize(const u8 *pos, const u8 *end) \
|
||||
{ \
|
||||
pos=_base::Deserialize(pos, end); \
|
||||
if (pos == NULL) BAIL_DESERIALIZER;\
|
||||
_nm *thiz=this; \
|
||||
/*printf("In Deserialize" #_nm "\n"); */\
|
||||
UNUSED2(thiz); // preempt any "unused" warning
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 2019 Wildfire Games.
|
||||
/* Copyright (C) 2020 Wildfire Games.
|
||||
* This file is part of 0 A.D.
|
||||
*
|
||||
* 0 A.D. is free software: you can redistribute it and/or modify
|
||||
@ -467,6 +467,8 @@ u8* CStrW::Serialize(u8* buffer) const
|
||||
|
||||
const u8* CStrW::Deserialize(const u8* buffer, const u8* bufferend)
|
||||
{
|
||||
ENSURE(buffer);
|
||||
ENSURE(bufferend);
|
||||
const u16 *strend = (const u16 *)buffer;
|
||||
while ((const u8 *)strend < bufferend && *strend) strend++;
|
||||
if ((const u8 *)strend >= bufferend) return NULL;
|
||||
@ -507,6 +509,8 @@ u8* CStr8::Serialize(u8* buffer) const
|
||||
|
||||
const u8* CStr8::Deserialize(const u8* buffer, const u8* bufferend)
|
||||
{
|
||||
ENSURE(buffer);
|
||||
ENSURE(bufferend);
|
||||
u32 len;
|
||||
Deserialize_int_4(buffer, len);
|
||||
if (buffer + len > bufferend)
|
||||
|
Loading…
Reference in New Issue
Block a user