edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-11-10 01:58:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Try to fix CDragger's heap-use-after-free (fixes #4277)

Browse source
This commit is contained in:
def 2021-11-02 17:09:25 +01:00
parent 842ba4416b
commit 65655975bc
2 changed files with 41 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
src/game/server/entities/dragger.cpp
View file

@ -16,7 +16,7 @@ CDragger::CDragger(CGameWorld *pGameWorld, vec2 Pos, float Strength, bool NW,
int CaughtTeam, int Layer, int Number) :
CEntity(pGameWorld, CGameWorld::ENTTYPE_LASER)
{
m_Target = 0;
m_TargetID = -1;
m_Layer = Layer;
m_Number = Number;
m_Pos = Pos;
@ -34,8 +34,14 @@ CDragger::CDragger(CGameWorld *pGameWorld, vec2 Pos, float Strength, bool NW,
void CDragger::Move()
{
if(m_Target && (!m_Target->IsAlive() || (m_Target->IsAlive() && (m_Target->m_Super || m_Target->IsPaused() || (m_Layer == LAYER_SWITCH && m_Number && !GameServer()->Collision()->m_pSwitchers[m_Number].m_Status[m_Target->Team()])))))
m_Target = 0;
if(m_TargetID >= 0)
{
CCharacter *pTarget = GameServer()->GetPlayerChar(m_TargetID);
if(!pTarget || pTarget->m_Super || pTarget->IsPaused() || (m_Layer == LAYER_SWITCH && m_Number && !GameServer()->Collision()->m_pSwitchers[m_Number].m_Status[pTarget->Team()]))
{
m_TargetID = -1;
}
}
mem_zero(m_SoloEnts, sizeof(m_SoloEnts));
CCharacter *TempEnts[MAX_CLIENTS];
@ -83,14 +89,15 @@ void CDragger::Move()
}
}
if(!m_Target)
m_Target = Id != -1 ? TempEnts[Id] : 0;
if(m_TargetID < 0)
m_TargetID = Id;
if(m_Target)
if(m_TargetID >= 0)
{
const CCharacter *pTarget = GameServer()->GetPlayerChar(m_TargetID);
for(auto &SoloEnt : m_SoloEnts)
{
if(SoloEnt == m_Target)
if(SoloEnt == pTarget)
SoloEnt = 0;
}
}
@ -98,38 +105,38 @@ void CDragger::Move()
void CDragger::Drag()
{
if(!m_Target)
if(m_TargetID < 0)
return;
CCharacter *Target = m_Target;
CCharacter *pTarget = GameServer()->GetPlayerChar(m_TargetID);
for(int i = -1; i < MAX_CLIENTS; i++)
{
if(i >= 0)
Target = m_SoloEnts[i];
pTarget = m_SoloEnts[i];
if(!Target)
if(!pTarget)
continue;
int Res = 0;
if(!m_NW)
Res = GameServer()->Collision()->IntersectNoLaser(m_Pos,
Target->m_Pos, 0, 0);
pTarget->m_Pos, 0, 0);
else
Res = GameServer()->Collision()->IntersectNoLaserNW(m_Pos,
Target->m_Pos, 0, 0);
if(Res || length(m_Pos - Target->m_Pos) > g_Config.m_SvDraggerRange)
pTarget->m_Pos, 0, 0);
if(Res || length(m_Pos - pTarget->m_Pos) > g_Config.m_SvDraggerRange)
{
Target = 0;
pTarget = 0;
if(i == -1)
m_Target = 0;
m_TargetID = -1;
else
m_SoloEnts[i] = 0;
}
else if(length(m_Pos - Target->m_Pos) > 28)
else if(length(m_Pos - pTarget->m_Pos) > 28)
{
vec2 Temp = Target->Core()->m_Vel + (normalize(m_Pos - Target->m_Pos) * m_Strength);
Target->Core()->m_Vel = ClampVel(Target->m_MoveRestrictions, Temp);
vec2 Temp = pTarget->Core()->m_Vel + (normalize(m_Pos - pTarget->m_Pos) * m_Strength);
pTarget->Core()->m_Vel = ClampVel(pTarget->m_MoveRestrictions, Temp);
}
}
}
@ -167,7 +174,7 @@ void CDragger::Snap(int SnappingClient)
int SnappingClientVersion = SnappingClient >= 0 ? GameServer()->GetClientVersion(SnappingClient) : CLIENT_VERSIONNR;
CCharacter *Target = m_Target;
CCharacter *pTarget = m_TargetID < 0 ? 0 : GameServer()->GetPlayerChar(m_TargetID);
for(int &SoloID : m_SoloIDs)
{
@ -184,18 +191,16 @@ void CDragger::Snap(int SnappingClient)
{
if(i >= 0)
{
Target = m_SoloEnts[i];
pTarget = m_SoloEnts[i];
if(!Target)
if(!pTarget)
continue;
}
if(Target)
{
if(NetworkClipped(SnappingClient, m_Pos) && NetworkClipped(SnappingClient, Target->m_Pos))
continue;
}
else if(NetworkClipped(SnappingClient, m_Pos))
if(NetworkClipped(SnappingClient, m_Pos))
continue;
if(pTarget && NetworkClipped(SnappingClient, pTarget->m_Pos))
continue;
CCharacter *Char = GameServer()->GetPlayerChar(SnappingClient);
@ -206,11 +211,11 @@ void CDragger::Snap(int SnappingClient)
if(i != -1 || SnappingClientVersion < VERSION_DDNET_SWITCH)
{
int Tick = (Server()->Tick() % Server()->TickSpeed()) % 11;
if(Char && Char->IsAlive() && (m_Layer == LAYER_SWITCH && m_Number && !GameServer()->Collision()->m_pSwitchers[m_Number].m_Status[Char->Team()] && (!Tick)))
if(Char && m_Layer == LAYER_SWITCH && m_Number && !GameServer()->Collision()->m_pSwitchers[m_Number].m_Status[Char->Team()] && (!Tick))
continue;
}
if(Char && Char->IsAlive())
if(Char)
{
if(Char->Team() != m_CaughtTeam)
continue;
@ -218,11 +223,11 @@ void CDragger::Snap(int SnappingClient)
else
{
// send to spectators only active draggers and some inactive from team 0
if(!((Target && Target->IsAlive()) || m_CaughtTeam == 0))
if(!(pTarget || m_CaughtTeam == 0))
continue;
}
if(Char && Char->IsAlive() && Target && Target->IsAlive() && Target->GetPlayer()->GetCID() != Char->GetPlayer()->GetCID() && ((Char->GetPlayer()->m_ShowOthers == 0 && (Char->Teams()->m_Core.GetSolo(SnappingClient) || Char->Teams()->m_Core.GetSolo(Target->GetPlayer()->GetCID()))) || (Char->GetPlayer()->m_ShowOthers == 2 && !Target->SameTeam(SnappingClient))))
if(Char && pTarget && pTarget->GetPlayer()->GetCID() != Char->GetPlayer()->GetCID() && ((Char->GetPlayer()->m_ShowOthers == 0 && (Char->Teams()->m_Core.GetSolo(SnappingClient) || Char->Teams()->m_Core.GetSolo(pTarget->GetPlayer()->GetCID()))) || (Char->GetPlayer()->m_ShowOthers == 2 && !pTarget->SameTeam(SnappingClient))))
{
continue;
}
@ -254,10 +259,10 @@ void CDragger::Snap(int SnappingClient)
continue;
obj->m_X = (int)m_Pos.x;
obj->m_Y = (int)m_Pos.y;
if(Target)
if(pTarget)
{
obj->m_FromX = (int)Target->m_Pos.x;
obj->m_FromY = (int)Target->m_Pos.y;
obj->m_FromX = (int)pTarget->m_Pos.x;
obj->m_FromY = (int)pTarget->m_Pos.y;
}
else
{

2
src/game/server/entities/dragger.h
View file

@ -12,7 +12,7 @@ class CDragger : public CEntity
int m_EvalTick;
void Move();
void Drag();
CCharacter *m_Target;
int m_TargetID;
bool m_NW;
int m_CaughtTeam;