From c4491165da36db5c6a3e401cd439dbaedb65c9b6 Mon Sep 17 00:00:00 2001
From: sfan5
Date: Thu, 15 Aug 2019 17:17:17 +0200
Subject: [PATCH] network: Fix crash in ReliablePacketBuffer on mismatching packets

In the error condition the exception would be thrown before m_list_size is decremented, causing a nullptr dereference in e.g. popFirst().
---
 src/network/connection.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/network/connection.cpp b/src/network/connection.cpp
index 913088da7b3d..3c6cc5f3f4cc 100644
--- a/src/network/connection.cpp
+++ b/src/network/connection.cpp
@@ -322,6 +322,10 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
 }
 if (s == seqnum) {
+ /* nothing to do this seems to be a resent packet */
+ /* for paranoia reason data should be compared */
+ --m_list_size;
+
 if (
 (readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) ||
 (i->data.getSize() != p.data.getSize()) ||
@@ -340,10 +344,6 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
 p.address.serializeString().c_str());
 throw IncomingDataCorruption("duplicated packet isn't same as original one");
 }
-
- /* nothing to do this seems to be a resent packet */
- /* for paranoia reason data should be compared */
- --m_list_size;
 }
 /* insert or push back */
 else if (i != m_list.end()) {
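Review bot: The relocated `--m_list_size;` in the first hunk only makes sense as the undo of a speculative increment done earlier in insert(), which lies outside both hunks, and nothing at the new position says so; the two comments carried along with it still read as though the duplicate check below had already passed, which invites a future reader to move the decrement back under the check and reintroduce the counter desync the commit description blames for the null dereference in popFirst(). Suggest replacing those two comments with `/* already queued: undo the size increment from the top of insert() before the paranoia check below, which may throw */`. A more robust shape, presumably, would be to bump m_list_size only when a packet is actually linked into m_list, so no current or future throw path can leave the counter ahead of the list; that is beyond this fix but worth a follow-up note. insert() starts before the first hunk and ends after the second.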