edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-11-10 10:08:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix out of bounds read in CPlayer::Snap with IsSixup (fixes #2416)

Browse source
This commit is contained in:
def 2020-06-30 14:08:55 +02:00
parent a79b1265df
commit 49ba9078f5
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/game/server/player.cpp
View file

@ -330,7 +330,7 @@ void CPlayer::Snap(int SnappingClient)
if(SnappingClient != m_ClientID && g_Config.m_SvHideScore)
Score = -9999;
if(!Server()->IsSixup(SnappingClient))
if(SnappingClient < 0 || !Server()->IsSixup(SnappingClient))
{
CNetObj_PlayerInfo *pPlayerInfo = static_cast<CNetObj_PlayerInfo *>(Server()->SnapNewItem(NETOBJTYPE_PLAYERINFO, id, sizeof(CNetObj_PlayerInfo)));
if(!pPlayerInfo)
@ -362,7 +362,7 @@ void CPlayer::Snap(int SnappingClient)
if(m_ClientID == SnappingClient && (m_Team == TEAM_SPECTATORS || m_Paused))
{
if(!Server()->IsSixup(SnappingClient))
if(SnappingClient < 0 || !Server()->IsSixup(SnappingClient))
{
CNetObj_SpectatorInfo *pSpectatorInfo = static_cast<CNetObj_SpectatorInfo *>(Server()->SnapNewItem(NETOBJTYPE_SPECTATORINFO, m_ClientID, sizeof(CNetObj_SpectatorInfo)));
if(!pSpectatorInfo)
@ -398,7 +398,7 @@ void CPlayer::Snap(int SnappingClient)
if(m_Paused == PAUSE_PAUSED)
pDDNetPlayer->m_Flags |= EXPLAYERFLAG_PAUSED;
if(Server()->IsSixup(SnappingClient) && m_pCharacter && m_pCharacter->m_DDRaceState == DDRACE_STARTED &&
if(SnappingClient >= 0 && Server()->IsSixup(SnappingClient) && m_pCharacter && m_pCharacter->m_DDRaceState == DDRACE_STARTED &&
GameServer()->m_apPlayers[SnappingClient]->m_TimerType == TIMERTYPE_SIXUP)
{
protocol7::CNetObj_PlayerInfoRace *pRaceInfo = static_cast<protocol7::CNetObj_PlayerInfoRace *>(Server()->SnapNewItem(-protocol7::NETOBJTYPE_PLAYERINFORACE, id, sizeof(protocol7::CNetObj_PlayerInfoRace)));