mirror of
https://github.com/ddnet/ddnet.git
synced 2024-11-19 06:28:19 +00:00
151b2854e3
Fix backlog corruption in `CConsole::PumpBacklogPending` when many backlog entries are allocated at the same time. When allocating many entries from the `m_Backlog` ringbuffer at the same time, the first entries being allocated may already have been recycled again, so the pointers to them being stored in the temporary vector of new backlog entries were pointing arbitrarily into the ringbuffer data, which could cause corruption of the structural and user data of the ringbuffer. Now, we iterate over the entire backlog and only update uninitialized entries instead of storing the new entries separately.
This was sometimes caught as a misaligned access with UBSan:
```
src/engine/shared/ringbuffer.cpp:160:14: runtime error: member access within misaligned address 0x00014126f4df for type 'struct CItem', which requires 8 byte alignment
0x00014126f4df: note: pointer points here
<memory cannot be printed>
0 0x5825349a6a1c in CRingBufferBase::Prev(void*) src/engine/shared/ringbuffer.cpp:160
1 0x5825334e8934 in CTypedRingBuffer<CGameConsole::CInstance::CBacklogEntry>::Prev(CGameConsole::CInstance::CBacklogEntry*) src/engine/shared/ringbuffer.h:59
2 0x5825334d13e6 in CGameConsole::OnRender() src/game/client/components/console.cpp:1259
3 0x582533bce058 in CGameClient::OnRender() src/game/client/gameclient.cpp:715
4 0x582532f3cc44 in CClient::Render() src/engine/client/client.cpp:894
5 0x582532f9d236 in CClient::Run() src/engine/client/client.cpp:2971
6 0x582533002e5e in main src/engine/client/client.cpp:4523
```
|
||
|---|---|---|
| .. | ||
| android | ||
| antibot | ||
| base | ||
| engine | ||
| game | ||
| macos | ||
| masterping | ||
| mastersrv | ||
| rust-bridge | ||
| steam | ||
| test | ||
| tools | ||