authorMilek7 <Milek7@users.noreply.github.com>2021-04-17 20:19:18 +0200
committerGitHub <noreply@github.com>2021-04-17 19:19:18 +0100
commitda55286c2c83a554130e7712343ddcd2f3f063c7 (patch)
treed0579ac79b9f702ebf8fab80b4e4b5ff86cd1d92 /src/saveload
parent8e539ce293def7d307743282721a6e7174bf0350 (diff)
Fix: Corrupted savegame could crash the game by providing invalid gamelog enums. (#9045)
Diffstat (limited to 'src/saveload')
-rw-r--r--src/saveload/gamelog_sl.cpp15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/saveload/gamelog_sl.cpp b/src/saveload/gamelog_sl.cpp
index 6bff1b154..d68297c9a 100644
--- a/src/saveload/gamelog_sl.cpp
+++ b/src/saveload/gamelog_sl.cpp
@@ -107,8 +107,11 @@ static void Load_GLOG_common(LoggedAction *&gamelog_action, uint &gamelog_action
assert(gamelog_action == nullptr);
assert(gamelog_actions == 0);
- GamelogActionType at;
- while ((at = (GamelogActionType)SlReadByte()) != GLAT_NONE) {
+ byte type;
+ while ((type = SlReadByte()) != GLAT_NONE) {
+ if (type >= GLAT_END) SlErrorCorrupt("Invalid gamelog action type");
+ GamelogActionType at = (GamelogActionType)type;
+
gamelog_action = ReallocT(gamelog_action, gamelog_actions + 1);
LoggedAction *la = &gamelog_action[gamelog_actions++];
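Review bot: The new guard `if (type >= GLAT_END) SlErrorCorrupt("Invalid gamelog action type");` only protects the cast on the next line if `SlErrorCorrupt` never returns, which this hunk does not show. A short comment above it would record that assumption and explain why the byte is validated before the cast, for example `// Savegame data is untrusted: reject out-of-range values before casting; SlErrorCorrupt does not return.` Separately, `byte type` is declared outside the loop and is reused by the inner change-type loop in the next hunk, so after that loop it no longer holds the action type. That is harmless here because `at` is copied first, but a separate local per loop would be harder to misuse later. Load_GLOG_common starts and ends outside the hunk.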
@@ -118,8 +121,10 @@ static void Load_GLOG_common(LoggedAction *&gamelog_action, uint &gamelog_action
la->change = nullptr;
la->changes = 0;
- GamelogChangeType ct;
- while ((ct = (GamelogChangeType)SlReadByte()) != GLCT_NONE) {
+ while ((type = SlReadByte()) != GLCT_NONE) {
+ if (type >= GLCT_END) SlErrorCorrupt("Invalid gamelog change type");
+ GamelogChangeType ct = (GamelogChangeType)type;
+
la->change = ReallocT(la->change, la->changes + 1);
LoggedChange *lc = &la->change[la->changes++];
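Review bot: With the assert removed in the following hunk, `if (type >= GLCT_END) SlErrorCorrupt("Invalid gamelog change type");` becomes the only bound on the `_glog_desc[ct]` index used a few lines later. That is sufficient only if `_glog_desc` has exactly `GLCT_END` entries, and the table definition is outside this diff. If the file does not already pin it, add `static_assert(lengthof(_glog_desc) == GLCT_END);` next to the table, so a new change type without a descriptor fails at compile time rather than leaving an out-of-bounds read reachable from a crafted savegame. A one-line comment on the check naming the index it protects would also help, since the two are now several lines apart.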
@@ -127,8 +132,6 @@ static void Load_GLOG_common(LoggedAction *&gamelog_action, uint &gamelog_action
memset(lc, 0, sizeof(*lc));
lc->ct = ct;
- assert((uint)ct < GLCT_END);
-
SlObject(lc, _glog_desc[ct]);
}
}