[openjk] 02/11: icarus: fix bounds check when loading from savegames

Sun Jan 22 10:23:05 UTC 2017

This is an automated email from the git hooks/post-receive script.

smcv pushed a commit to branch debian/master
in repository openjk.

commit 291e1973edd61c777a655af2d8f23f8bc2126f35
Author: Simon McVittie <smcv at debian.org>
Date:   Sat Jan 21 15:06:40 2017 +0000

    icarus: fix bounds check when loading from savegames
    
    m_byBuffer is a pointer to a fixed amount of dynamically allocated
    memory, not a statically allocated buffer, so sizeof() is the wrong
    tool here. Use the actual size of the buffer instead.
    
    Also, reading the full size of the buffer is fine, because we aren't
    going to append '\0' afterwards like we do in the other places
    touched by #881, so use > instead of >=.
    
    Fixes #902
    
    Signed-off-by: Simon McVittie <smcv at debian.org>
---
 code/icarus/IcarusImplementation.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/code/icarus/IcarusImplementation.cpp b/code/icarus/IcarusImplementation.cpp
index 7d2fc8f..cc89333 100644
--- a/code/icarus/IcarusImplementation.cpp
+++ b/code/icarus/IcarusImplementation.cpp
@@ -718,7 +718,7 @@ int CIcarus::Load()
 
 	int sg_buffer_size = saved_game.get_buffer_size();
 
-	if (sg_buffer_size < 0 || static_cast<size_t>(sg_buffer_size) >= sizeof(m_byBuffer))
+	if (sg_buffer_size < 0 || static_cast<size_t>(sg_buffer_size) > MAX_BUFFER_SIZE)
 	{
 		sg_buffer_size = 0;
 	}
@@ -858,7 +858,7 @@ void CIcarus::BufferRead( void *pDstBuff, unsigned long ulNumBytesToRead )
 
 		int sg_buffer_size = saved_game.get_buffer_size();
 
-		if (sg_buffer_size < 0 || static_cast<size_t>(sg_buffer_size) >= sizeof(m_byBuffer))
+		if (sg_buffer_size < 0 || static_cast<size_t>(sg_buffer_size) > MAX_BUFFER_SIZE)
 		{
 			sg_buffer_size = 0;
 		}

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/openjk.git

