forked from metin2/server
Fixed off-by-one buffer overrun in map_allow_copy() function which would lead to malformed initialization network packets. Added address sanitizer in db CMake.
This commit is contained in:
parent
c8abacafaf
commit
b5ea548038
@ -26,3 +26,6 @@ find_package(Libevent CONFIG REQUIRED)
|
||||
target_link_libraries(${PROJECT_NAME} PRIVATE libevent::core libevent::extra libevent::pthreads)
|
||||
|
||||
target_link_libraries(${PROJECT_NAME} PRIVATE libpoly libsql libthecore)
|
||||
|
||||
# Memory debugging
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -g")
|
||||
|
@ -169,18 +169,16 @@ void map_allow_add(int index)
|
||||
s_set_map_allows.insert(index);
|
||||
}
|
||||
|
||||
void map_allow_copy(LONG * pl, int size)
|
||||
void map_allow_copy(int * pl, int size)
|
||||
{
|
||||
int iCount = 0;
|
||||
std::set<int>::iterator it = s_set_map_allows.begin();
|
||||
|
||||
while (it != s_set_map_allows.end())
|
||||
for (auto mapId: s_set_map_allows)
|
||||
{
|
||||
int i = *(it++);
|
||||
*(pl++) = i;
|
||||
|
||||
if (++iCount > size)
|
||||
if (iCount >= size)
|
||||
break;
|
||||
|
||||
pl[iCount++] = mapId;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -37,7 +37,7 @@ extern bool g_bTrafficProfileOn; ///< true
|
||||
extern BYTE g_bChannel;
|
||||
|
||||
extern bool map_allow_find(int index);
|
||||
extern void map_allow_copy(LONG * pl, int size);
|
||||
extern void map_allow_copy(int * pl, int size);
|
||||
extern bool no_wander;
|
||||
|
||||
extern int g_iUserLimit;
|
||||
|
Loading…
Reference in New Issue
Block a user