fix a bug which could cause the terrain_builder to crash

The terrain builder logic assumes that the min_types list is empty whenever the min_constraint pointer is null, and based on this, dereferences the pointer. However, in subsequent passes of the outer loop the pointer is initialized to null while the list is not cleared. According to coverity this can actually cause a null pointer dereference in explicit cases. We fix it by explicitly re-initializing the list on each pass.
wesnoth · Jul 1, 2014 · 1316fc1 · 1316fc1
1 parent e7901f5
commit 1316fc1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/terrain_builder.cpp b/src/terrain_builder.cpp
@@ -1093,7 +1093,7 @@ void terrain_builder::build_terrains()
 		// We will keep a track of the matching terrains of this constraint
 		// and later try to apply the rule only on them
 		size_t min_size = INT_MAX;
-		t_translation::t_list min_types;
+		t_translation::t_list min_types = t_translation::t_list(); // <-- This must be explicitly initialized, just as min_constraint is, at start of loop, or we get a null pointer dereference when we go through on later times.
 		const terrain_constraint *min_constraint = NULL;
 
 		BOOST_FOREACH(const terrain_constraint &constraint, rule.constraints)