Skip to content
Permalink
Browse files

Don't serialize StaticObjectList with > 65535 objects

Because the count is serialized as u16, this would cause overflow.

If minetest later deserialized a mapblock with an incorrect
static object count, it would be unable to find the NameIdMapping
(which comes after the StaticObjectList) and abort with an error
such as "Invalid block data in database: unsupported NameIdMapping
version" (issue #2610).
  • Loading branch information
kahrl committed Sep 28, 2015
1 parent ffe291c commit 0cde03254a6564eaec21603e9add4f14e6c2fe52
Showing with 13 additions and 1 deletion.
  1. +13 −1 src/staticobject.cpp
@@ -19,6 +19,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,

#include "staticobject.h"
#include "util/serialize.h"
#include "log.h"

void StaticObject::serialize(std::ostream &os)
{
@@ -44,9 +45,20 @@ void StaticObjectList::serialize(std::ostream &os)
// version
u8 version = 0;
writeU8(os, version);

// count
u16 count = m_stored.size() + m_active.size();
size_t count = m_stored.size() + m_active.size();
// Make sure it fits into u16, else it would get truncated and cause e.g.
// issue #2610 (Invalid block data in database: unsupported NameIdMapping version).
if (count > (u16)-1) {
errorstream << "StaticObjectList::serialize(): "
<< "too many objects (" << count << ") in list, "
<< "not writing them to disk." << std::endl;
writeU16(os, 0); // count = 0
return;
}
writeU16(os, count);

for(std::vector<StaticObject>::iterator
i = m_stored.begin();
i != m_stored.end(); ++i) {

0 comments on commit 0cde032

Please sign in to comment.
You can’t perform that action at this time.