author: Thorbjørn Lindeijer <thorbjorn@lindeijer.nl> 2011-04-09 20:35:35 +0200
committer: Thorbjørn Lindeijer <thorbjorn@lindeijer.nl> 2011-04-10 13:22:57 +0200
commit: 289c0874808d79c995a8bbbe12d19e7245b7fb81
tree: 4fc0bd2c3d7f9b601afc329c16d465a9b8096957 /src/serialize
parent: a7702e97b48037a61f191ad5d2bab127a06fe96a
Fixed infinite loop in deserializeCharacterData

Could happen on servers where a character is being communicated that has something equipped.

The infinite loop was due to using "while (msg.getUnreadLength())" on a message after having read one byte too much, causing it to miss the 0 bytes unread and count to minus infinity. This is a danger that we should probably also fix generally.

The byte that was read too much was equipmentInSlotType, which I think should have been the number of items equipped in a certain slot type. This number is never written by the serializeCharacterData function and also doesn't seem necessary. When multiple items are equipped in a single equipment slot type, there will simply be multiple pairs transmitted for that equipment slot type.

Reviewed-by: Freeyorp
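
The failure mode the commit message describes, as an added example that is not code from manaserv. `Reader` is a hypothetical stand-in for `MessageIn` that assumes a read past the end still advances the cursor; the 4-byte record layout, the sample bytes and the iteration cap are constructed for the demonstration.

```cpp
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical stand-in for MessageIn. Assumption: a read past the end
// returns 0 but still advances the cursor, so unread() can go negative.
class Reader {
public:
    explicit Reader(std::vector<uint8_t> d) : data_(std::move(d)) {}
    int unread() const { return static_cast<int>(data_.size()) - pos_; }
    int readInt8() {
        int v = pos_ < static_cast<int>(data_.size()) ? data_[pos_] : 0;
        ++pos_;
        return v;
    }
    int readInt16() { int hi = readInt8(); return (hi << 8) | readInt8(); }
private:
    std::vector<uint8_t> data_;
    int pos_ = 0;
};

const int kRecordSize = 4;  // constructed layout: int16 slot id + int16 amount
// Constructed sample: two records, (1, 5) and (2, 9).
const std::vector<uint8_t> kSample = {0, 1, 0, 5, 0, 2, 0, 9};

// Loop shape from the commit message: ends only if unread() is exactly 0.
// maxIter caps the demo so it terminates; returns the iterations executed.
int parseFragile(Reader r, bool extraByte, int maxIter) {
    if (extraByte) r.readInt8();  // the one byte read too much
    int n = 0;
    while (r.unread() && n < maxIter) { r.readInt16(); r.readInt16(); ++n; }
    return n;
}

// Hardened shape: read only whole records, reject leftover bytes (-1).
int parseChecked(Reader r, bool extraByte) {
    if (extraByte) r.readInt8();
    int n = 0;
    while (r.unread() >= kRecordSize) { r.readInt16(); r.readInt16(); ++n; }
    return r.unread() == 0 ? n : -1;
}

int main() {
    std::printf("fragile, aligned:    %d\n", parseFragile(Reader(kSample), false, 1000));
    std::printf("fragile, misaligned: %d\n", parseFragile(Reader(kSample), true, 1000));
    std::printf("checked, misaligned: %d\n", parseChecked(Reader(kSample), true));
    return 0;
}
```

With the extra byte consumed, the unread length steps 7, 3, -1 and never equals zero, so only the cap stops the fragile loop; the checked loop stops at the first short record and reports the message as malformed.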
Diffstat (limited to 'src/serialize')
-rw-r--r-- src/serialize/characterdata.h 15
1 files changed, 5 insertions, 10 deletions
diff --git a/src/serialize/characterdata.h b/src/serialize/characterdata.h
index 203f4a7..4466c98 100644
--- a/src/serialize/characterdata.h
+++ b/src/serialize/characterdata.h
@@ -190,14 +190,10 @@ void deserializeCharacterData(T &data, MessageIn &msg)
unsigned int eqSlot, invSlot;
for (int j = 0; j < equipSlotsSize; ++j)
{
- int equipmentInSlotType = msg.readInt8();
- for (int k = 0; k < equipmentInSlotType; ++k)
- {
- eqSlot = msg.readInt8();
- invSlot = msg.readInt16();
- poss.equipSlots.insert(poss.equipSlots.end(),
- std::make_pair(eqSlot, invSlot));
- }
+ eqSlot = msg.readInt8();
+ invSlot = msg.readInt16();
+ poss.equipSlots.insert(poss.equipSlots.end(),
+ std::make_pair(eqSlot, invSlot));
}
poss.inventory.clear();
// inventory - must be last because size isn't transmitted
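Review bot: In the `for (int j = 0; j < equipSlotsSize; ++j)` loop, each iteration now consumes exactly three bytes (`readInt8` plus `readInt16`), but nothing checks that three bytes are still unread before reading them. If `equipSlotsSize` is larger than what the message actually carries, the reads still run past the end and the inventory loop after the `// inventory - must be last because size isn't transmitted` comment starts from a bad offset, which is the condition this commit is fixing. Suggest bailing out (and logging) when `msg.getUnreadLength() < 3`, and adding a comment that one entry is a single `eqSlot`/`invSlot` pair with no per-slot-type count, so the layout stays in step with serializeCharacterData.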
@@ -209,7 +205,6 @@ void deserializeCharacterData(T &data, MessageIn &msg)
i.amount = msg.readInt16();
poss.inventory.insert(poss.inventory.end(), std::make_pair(slotId, i));
}
-
}
-#endif
+#endif // SERIALIZE_CHARACTERDATA_H
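Review bot: The inventory loop whose body ends at `poss.inventory.insert(...)` keeps the `while (msg.getUnreadLength())` condition that the commit message itself calls a danger, so any other length mismatch will hang the server the same way. Suggest changing the condition here to require a full inventory entry to be unread (or at minimum `> 0`) rather than deferring the general fix. The blank-line removal and the `#endif // SERIALIZE_CHARACTERDATA_H` comment are unrelated cleanup and would be easier to review as a separate change.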