
network: Fix crash in ReliablePacketBuffer on mismatching packets

In the error condition the exception would be thrown before m_list_size
is decremented, causing a nullptr dereference in e.g. popFirst().
sfan5 committed Aug 15, 2019
1 parent 082066e commit c4491165da36db5c6a3e401cd439dbaedb65c9b6
Showing with 4 additions and 4 deletions.
  1. +4 −4 src/network/connection.cpp
@@ -322,6 +322,10 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
}

if (s == seqnum) {
/* nothing to do this seems to be a resent packet */
/* for paranoia reason data should be compared */
--m_list_size;

if (
(readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) ||
(i->data.getSize() != p.data.getSize()) ||
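Review bot: The `--m_list_size;` that now sits ahead of the `if (` comparison carries no explanation of why the counter is reduced at this point, and the two comments placed with it ("nothing to do this seems to be a resent packet", "for paranoia reason data should be compared") read as if the branch ends there although the comparison follows directly. If the decrement is undoing a count taken before the duplicate was detected, say so in the comment, and note that it has to run before anything in this branch can throw. A sturdier alternative would be to increase m_list_size only at the point where a packet is actually added to m_list, so that no exit path has to remember to undo it.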
@@ -340,10 +344,6 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
p.address.serializeString().c_str());
throw IncomingDataCorruption("duplicated packet isn't same as original one");
}

/* nothing to do this seems to be a resent packet */
/* for paranoia reason data should be compared */
--m_list_size;
}
/* insert or push back */
else if (i != m_list.end()) {
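Review bot: The `throw IncomingDataCorruption("duplicated packet isn't same as original one");` path in this hunk is the one the commit message says left m_list_size out of step with m_list, and the change adds nothing that exercises it. A regression test would pin the fix down: insert a packet, insert a second one with the same seqnum but different data, catch the exception, then call popFirst() until the buffer is empty. Since this branch is reached from the contents of a received packet, a debug-build check that m_list_size matches the real length of m_list on leaving insert() would also catch any other exit path with the same problem.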
