Fix: Corrupted savegame could cause heap corruption by writing outside link graph edge matrix. (#9046)

author: Milek7 <Milek7@users.noreply.github.com> 2021-04-17 20:19:37 +0200
committer: GitHub <noreply@github.com> 2021-04-17 19:19:37 +0100
commit: aade177d79259fee204fdac8a5fbaef603a957c9 (patch)
tree: fdaf3643d42b1f597d336ee36304e5375090c100 /src/saveload
parent: da55286c2c83a554130e7712343ddcd2f3f063c7 (diff)
download: openttd-aade177d79259fee204fdac8a5fbaef603a957c9.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/saveload/linkgraph_sl.cpp b/src/saveload/linkgraph_sl.cpp
index a597edfc4..f571e331a 100644
--- a/src/saveload/linkgraph_sl.cpp
+++ b/src/saveload/linkgraph_sl.cpp
@@ -151,6 +151,7 @@ void SaveLoad_LinkGraph(LinkGraph &lg)
 		} else {
 			/* ... but as that wasted a lot of space we save a sparse matrix now. */
 			for (NodeID to = from; to != INVALID_NODE; to = lg.edges[from][to].next_edge) {
+				if (to >= size) SlErrorCorrupt("Link graph structure overflow");
 				SlObject(&lg.edges[from][to], _edge_desc);
 			}
 		}
author	Milek7 <Milek7@users.noreply.github.com>	2021-04-17 20:19:37 +0200
committer	GitHub <noreply@github.com>	2021-04-17 19:19:37 +0100
commit	aade177d79259fee204fdac8a5fbaef603a957c9 (patch)
tree	fdaf3643d42b1f597d336ee36304e5375090c100 /src/saveload
parent	da55286c2c83a554130e7712343ddcd2f3f063c7 (diff)
download	openttd-aade177d79259fee204fdac8a5fbaef603a957c9.tar.xz