aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsfan5 <sfan5@live.de>2019-08-15 17:17:17 +0200
committersfan5 <sfan5@live.de>2019-08-15 19:18:54 +0200
commitc4491165da36db5c6a3e401cd439dbaedb65c9b6 (patch)
tree2e95264cbc58ac163da5ce59cc7951adcf39030e
parent082066e81393618152c279cccb98e0a05a0aebea (diff)
downloadminetest-c4491165da36db5c6a3e401cd439dbaedb65c9b6.tar.gz
minetest-c4491165da36db5c6a3e401cd439dbaedb65c9b6.tar.bz2
minetest-c4491165da36db5c6a3e401cd439dbaedb65c9b6.zip
network: Fix crash in ReliablePacketBuffer on mismatching packets
In the error condition the exception would be thrown before m_list_size is decremented, causing a nullptr dereference in e.g. popFirst().
-rw-r--r--src/network/connection.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/network/connection.cpp b/src/network/connection.cpp
index 913088da7..3c6cc5f3f 100644
--- a/src/network/connection.cpp
+++ b/src/network/connection.cpp
@@ -322,6 +322,10 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
}
if (s == seqnum) {
+ /* nothing to do this seems to be a resent packet */
+ /* for paranoia reason data should be compared */
+ --m_list_size;
+
if (
(readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) ||
(i->data.getSize() != p.data.getSize()) ||
@@ -340,10 +344,6 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
p.address.serializeString().c_str());
throw IncomingDataCorruption("duplicated packet isn't same as original one");
}
-
- /* nothing to do this seems to be a resent packet */
- /* for paranoia reason data should be compared */
- --m_list_size;
}
/* insert or push back */
else if (i != m_list.end()) {