From b5ea548038679c6a4de5012495d9fcc24fa571bc Mon Sep 17 00:00:00 2001
From: Exynox
Date: Sun, 27 Nov 2022 01:10:23 +0200
Subject: [PATCH] Fixed off-by-one buffer overrun in map_allow_copy() function which would lead to malformed initialization network packets. Added address sanitizer in db CMake.
---
db/CMakeLists.txt | 3 +++
game/src/config.cpp | 12 +++++-------
game/src/config.h | 2 +-
3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
index f9307a2..b41f783 100644
--- a/db/CMakeLists.txt
+++ b/db/CMakeLists.txt
@@ -26,3 +26,6 @@ find_package(Libevent CONFIG REQUIRED)
 target_link_libraries(${PROJECT_NAME} PRIVATE libevent::core libevent::extra libevent::pthreads)
 target_link_libraries(${PROJECT_NAME} PRIVATE libpoly libsql libthecore)
+
+ # Memory debugging
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -g")
diff --git a/game/src/config.cpp b/game/src/config.cpp
index 4669444..ba195c9 100644
--- a/game/src/config.cpp
+++ b/game/src/config.cpp
@@ -169,18 +169,16 @@ void map_allow_add(int index)
 s_set_map_allows.insert(index);
 }
-void map_allow_copy(LONG * pl, int size)
+void map_allow_copy(int * pl, int size)
 {
 int iCount = 0;
- std::set::iterator it = s_set_map_allows.begin();
- while (it != s_set_map_allows.end())
+ for (auto mapId: s_set_map_allows)
 {
- int i = *(it++);
- *(pl++) = i;
+ if (iCount >= size)
+ break;
- if (++iCount > size)
- break;
+ pl[iCount++] = mapId;
 }
 }
diff --git a/game/src/config.h b/game/src/config.h
index 2ccfa7e..639b5f4 100644
--- a/game/src/config.h
+++ b/game/src/config.h
@@ -37,7 +37,7 @@ extern bool g_bTrafficProfileOn; ///< true
 extern BYTE g_bChannel;
 extern bool map_allow_find(int index);
-extern void map_allow_copy(LONG * pl, int size);
+extern void map_allow_copy(int * pl, int size);
 extern bool no_wander;
 extern int g_iUserLimit;
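Review bot: The added `set(CMAKE_CXX_FLAGS ... -fsanitize=address -g)` is unconditional, so every build type of the db server — including whatever is deployed — is compiled with AddressSanitizer, which is a debugging aid rather than a hardening measure (it adds large memory and CPU overhead and its runtime is documented by its authors as unsuitable for production/security use). Gate it behind an off-by-default option and attach it to the target rather than mutating the global flags, so the link step also gets the runtime and other directories are not affected. `target_link_options` needs CMake 3.13; on an older minimum, pass `-fsanitize=address` through `target_link_libraries` instead. Note also that the overrun fixed by this commit is in `game/src`, not `db`, so presumably the same option would be wanted there as well.
```cmake
# … unchanged: find_package / target_link_libraries lines …
option(ENABLE_ASAN "Build with AddressSanitizer (debugging only, never for release)" OFF)
if(ENABLE_ASAN)
  target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize=address -fno-omit-frame-pointer -g)
  target_link_options(${PROJECT_NAME} PRIVATE -fsanitize=address)
endif()
```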
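Review bot: The new loop correctly stops at `size`, but when `s_set_map_allows` holds fewer than `size` entries the remaining slots of `pl` are left untouched and the caller is not told how many were written; if a caller then serializes the full `size`-element buffer into the init packet (the commit message says this buffer feeds a network packet, though the caller is not in this hunk), stale or uninitialized buffer contents go on the wire. Either zero the tail after the loop, `if (size > 0) std::fill(pl + iCount, pl + size, 0);` (needs `<algorithm>` if not already included), or return `iCount` so the caller can bound what it sends. A null `pl` with `size > 0` is also dereferenced on the `pl[iCount++] = mapId;` line; a guard `if (pl == nullptr || size <= 0) return;` at the top would make the contract explicit. A comment on the definition stating "writes at most `size` ids; the set may be silently truncated" would help the next reader, since the truncation is intentional but invisible to callers.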
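Review bot: The changed declaration `extern void map_allow_copy(int * pl, int size);` carries no description of its contract, and since its element type just changed from `LONG` to `int`, any caller still passing a `LONG` array will now fail to compile (or, if `LONG` is a same-width typedef and a cast was involved, silently keep working) — a comment would make the buffer expectations explicit. Suggested text above the declaration: `/// Copies up to `size` allowed map ids into `pl` (an int array of at least `size` elements); ids beyond `size` are dropped and slots past the set's size are not written.` The "not written" part reflects the implementation in this commit's config.cpp hunk and should be revised if that function is changed to zero-fill or return a count.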