Mirrors/overte
3
0
Fork 0
mirror of https://github.com/overte-org/overte.git synced 2025-08-06 18:50:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #3348 from ZappoMan/virtualEntities

Browse source 
patch for possible static memory corruption on large edit entity messages
This commit is contained in:
Stephen Birarda 2014-09-04 10:48:59 -07:00
commit 2678bd3d9e
2 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
libraries/entities/src/EntityEditPacketSender.cpp
View file

@ -32,7 +32,7 @@ void EntityEditPacketSender::queueEditEntityMessage(PacketType type, EntityItemI
} }
// use MAX_PACKET_SIZE since it's static and guaranteed to be larger than _maxPacketSize // use MAX_PACKET_SIZE since it's static and guaranteed to be larger than _maxPacketSize
static unsigned char bufferOut[MAX_PACKET_SIZE]; unsigned char bufferOut[MAX_PACKET_SIZE];
int sizeOut = 0; int sizeOut = 0;
if (EntityItemProperties::encodeEntityEditPacket(type, modelID, properties, &bufferOut[0], _maxPacketSize, sizeOut)) { if (EntityItemProperties::encodeEntityEditPacket(type, modelID, properties, &bufferOut[0], _maxPacketSize, sizeOut)) {
@ -45,7 +45,7 @@ void EntityEditPacketSender::queueEraseEntityMessage(const EntityItemID& entityI
return; // bail early return; // bail early
} }
// use MAX_PACKET_SIZE since it's static and guaranteed to be larger than _maxPacketSize // use MAX_PACKET_SIZE since it's static and guaranteed to be larger than _maxPacketSize
static unsigned char bufferOut[MAX_PACKET_SIZE]; unsigned char bufferOut[MAX_PACKET_SIZE];
size_t sizeOut = 0; size_t sizeOut = 0;
if (EntityItemProperties::encodeEraseEntityMessage(entityItemID, &bufferOut[0], _maxPacketSize, sizeOut)) { if (EntityItemProperties::encodeEraseEntityMessage(entityItemID, &bufferOut[0], _maxPacketSize, sizeOut)) {
queueOctreeEditMessage(PacketTypeEntityErase, bufferOut, sizeOut); queueOctreeEditMessage(PacketTypeEntityErase, bufferOut, sizeOut);

17
libraries/entities/src/EntityItemProperties.cpp
View file

@ -596,8 +596,14 @@ bool EntityItemProperties::encodeEntityEditPacket(PacketType command, EntityItem
packetData->endSubTree(); packetData->endSubTree();
const unsigned char* finalizedData = packetData->getFinalizedData(); const unsigned char* finalizedData = packetData->getFinalizedData();
int finalizedSize = packetData->getFinalizedSize(); int finalizedSize = packetData->getFinalizedSize();
memcpy(bufferOut, finalizedData, finalizedSize); if (finalizedSize <= sizeIn) {
sizeOut = finalizedSize; memcpy(bufferOut, finalizedData, finalizedSize);
sizeOut = finalizedSize;
} else {
qDebug() << "ERROR - encoded edit message doesn't fit in output buffer.";
sizeOut = 0;
success = false;
}
} else { } else {
packetData->discardSubTree(); packetData->discardSubTree();
sizeOut = 0; sizeOut = 0;
@ -747,8 +753,13 @@ bool EntityItemProperties::encodeEraseEntityMessage(const EntityItemID& entityIt
unsigned char* outputBuffer, size_t maxLength, size_t& outputLength) { unsigned char* outputBuffer, size_t maxLength, size_t& outputLength) {
unsigned char* copyAt = outputBuffer; unsigned char* copyAt = outputBuffer;
uint16_t numberOfIds = 1; // only one entity ID in this message uint16_t numberOfIds = 1; // only one entity ID in this message
if (maxLength < sizeof(numberOfIds) + NUM_BYTES_RFC4122_UUID) {
qDebug() << "ERROR - encodeEraseEntityMessage() called with buffer that is too small!";
outputLength = 0;
return false;
}
memcpy(copyAt, &numberOfIds, sizeof(numberOfIds)); memcpy(copyAt, &numberOfIds, sizeof(numberOfIds));
copyAt += sizeof(numberOfIds); copyAt += sizeof(numberOfIds);
outputLength = sizeof(numberOfIds); outputLength = sizeof(numberOfIds);