authorsfan5 <sfan5@live.de>2019-08-15 17:17:17 +0200
committersfan5 <sfan5@live.de>2019-08-15 19:18:54 +0200
commitc4491165da36db5c6a3e401cd439dbaedb65c9b6 (patch)
tree2e95264cbc58ac163da5ce59cc7951adcf39030e
parent082066e81393618152c279cccb98e0a05a0aebea (diff)
network: Fix crash in ReliablePacketBuffer on mismatching packets
In the error condition the exception would be thrown before m_list_size is decremented, causing a nullptr dereference in e.g. popFirst().
-rw-r--r--src/network/connection.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/network/connection.cpp b/src/network/connection.cpp
index 913088da7..3c6cc5f3f 100644
--- a/src/network/connection.cpp
+++ b/src/network/connection.cpp
@@ -322,6 +322,10 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
}
if (s == seqnum) {
+ /* nothing to do this seems to be a resent packet */
+ /* for paranoia reason data should be compared */
+ --m_list_size;
+
if (
(readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) ||
(i->data.getSize() != p.data.getSize()) ||
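Review bot: The two comments moved above `--m_list_size;` still say "nothing to do", which no longer describes why the decrement sits there: it now has to run before the comparison below, because that comparison can throw IncomingDataCorruption on packet contents a remote peer controls. I would replace them with `/* duplicate seqnum: undo the size increment done earlier in insert() before the check below can throw */` and keep the paranoia remark next to the comparison itself. The matching increment is presumably earlier in insert(), outside this hunk, so it is worth confirming that no other return or throw between it and this point can leave m_list_size out of step with m_list; incrementing only where the packet is actually inserted would remove the ordering dependency altogether. The body of insert() starts and ends outside the hunk.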
@@ -340,10 +344,6 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
p.address.serializeString().c_str());
throw IncomingDataCorruption("duplicated packet isn't same as original one");
}
-
- /* nothing to do this seems to be a resent packet */
- /* for paranoia reason data should be compared */
- --m_list_size;
}
/* insert or push back */
else if (i != m_list.end()) {