aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSmallJoker <SmallJoker@users.noreply.github.com>2021-08-23 14:10:17 +0200
committerGitHub <noreply@github.com>2021-08-23 14:10:17 +0200
commiteea488ed75c9a158a398a971a16d5f7226b02f35 (patch)
tree5f8833200e67576ca461b357cbc8602b4a0cc290 /src
parentdad87a360bdd99595ea9061f9c06bbacb4aceb9d (diff)
downloadminetest-eea488ed75c9a158a398a971a16d5f7226b02f35.tar.gz
minetest-eea488ed75c9a158a398a971a16d5f7226b02f35.tar.bz2
minetest-eea488ed75c9a158a398a971a16d5f7226b02f35.zip
Inventory: Fix rare out-of-bounds access
Co-authored-by: Thomas--S <info@thomas-stangl.de>
Diffstat (limited to 'src')
-rw-r--r--src/inventorymanager.cpp16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/inventorymanager.cpp b/src/inventorymanager.cpp
index 1e81c1dbc..a159bf786 100644
--- a/src/inventorymanager.cpp
+++ b/src/inventorymanager.cpp
@@ -273,7 +273,7 @@ void IMoveAction::apply(InventoryManager *mgr, ServerActiveObject *player, IGame
}
if (!list_to) {
infostream << "IMoveAction::apply(): FAIL: destination list not found: "
- << "to_inv=\""<<to_inv.dump() << "\""
+ << "to_inv=\"" << to_inv.dump() << "\""
<< ", to_list=\"" << to_list << "\"" << std::endl;
return;
}
@@ -322,12 +322,20 @@ void IMoveAction::apply(InventoryManager *mgr, ServerActiveObject *player, IGame
return;
}
- if ((u16)to_i > list_to->getSize()) {
+ if (from_i < 0 || list_from->getSize() <= (u32) from_i) {
+ infostream << "IMoveAction::apply(): FAIL: source index out of bounds: "
+ << "size of from_list=\"" << list_from->getSize() << "\""
+ << ", from_index=\"" << from_i << "\"" << std::endl;
+ return;
+ }
+
+ if (to_i < 0 || list_to->getSize() <= (u32) to_i) {
infostream << "IMoveAction::apply(): FAIL: destination index out of bounds: "
- << "to_i=" << to_i
- << ", size=" << list_to->getSize() << std::endl;
+ << "size of to_list=\"" << list_to->getSize() << "\""
+ << ", to_index=\"" << to_i << "\"" << std::endl;
return;
}
+
/*
Do not handle rollback if both inventories are that of the same player
*/