diff options
author | SmallJoker <SmallJoker@users.noreply.github.com> | 2021-08-23 14:10:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-23 14:10:17 +0200 |
commit | eea488ed75c9a158a398a971a16d5f7226b02f35 (patch) | |
tree | 5f8833200e67576ca461b357cbc8602b4a0cc290 /src | |
parent | dad87a360bdd99595ea9061f9c06bbacb4aceb9d (diff) | |
download | minetest-eea488ed75c9a158a398a971a16d5f7226b02f35.tar.gz minetest-eea488ed75c9a158a398a971a16d5f7226b02f35.tar.bz2 minetest-eea488ed75c9a158a398a971a16d5f7226b02f35.zip |
Inventory: Fix rare out-of-bounds access
Co-authored-by: Thomas--S <info@thomas-stangl.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/inventorymanager.cpp | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/inventorymanager.cpp b/src/inventorymanager.cpp index 1e81c1dbc..a159bf786 100644 --- a/src/inventorymanager.cpp +++ b/src/inventorymanager.cpp @@ -273,7 +273,7 @@ void IMoveAction::apply(InventoryManager *mgr, ServerActiveObject *player, IGame } if (!list_to) { infostream << "IMoveAction::apply(): FAIL: destination list not found: " - << "to_inv=\""<<to_inv.dump() << "\"" + << "to_inv=\"" << to_inv.dump() << "\"" << ", to_list=\"" << to_list << "\"" << std::endl; return; } @@ -322,12 +322,20 @@ void IMoveAction::apply(InventoryManager *mgr, ServerActiveObject *player, IGame return; } - if ((u16)to_i > list_to->getSize()) { + if (from_i < 0 || list_from->getSize() <= (u32) from_i) { + infostream << "IMoveAction::apply(): FAIL: source index out of bounds: " + << "size of from_list=\"" << list_from->getSize() << "\"" + << ", from_index=\"" << from_i << "\"" << std::endl; + return; + } + + if (to_i < 0 || list_to->getSize() <= (u32) to_i) { infostream << "IMoveAction::apply(): FAIL: destination index out of bounds: " - << "to_i=" << to_i - << ", size=" << list_to->getSize() << std::endl; + << "size of to_list=\"" << list_to->getSize() << "\"" + << ", to_index=\"" << to_i << "\"" << std::endl; return; } + /* Do not handle rollback if both inventories are that of the same player */ |