diff options
author | rubidium <rubidium@openttd.org> | 2007-08-08 14:18:05 +0000 |
---|---|---|
committer | rubidium <rubidium@openttd.org> | 2007-08-08 14:18:05 +0000 |
commit | 1f73e795e1457a45dfb6d77f8dffcda4192372ed (patch) | |
tree | 32b3276163df37c85cde3a07886f5ab0be76ea08 /src | |
parent | 495bc4ecf46c8ae42ee616e1d6c91407cee7396c (diff) | |
download | openttd-1f73e795e1457a45dfb6d77f8dffcda4192372ed.tar.xz |
(svn r10827) -Fix [FS#1112]: out of bounds access in corner case of list allocations of vehicles.
Diffstat (limited to 'src')
-rw-r--r-- | src/oldpool.h | 36 |
1 files changed, 25 insertions, 11 deletions
diff --git a/src/oldpool.h b/src/oldpool.h index caeabccab..9f79d632e 100644 --- a/src/oldpool.h +++ b/src/oldpool.h @@ -234,22 +234,14 @@ struct PoolItem { return false; } -protected: - /** - * Allocate a pool item; possibly allocate a new block in the pool. - * @return the allocated pool item (or NULL when the pool is full). - */ - static inline T *AllocateRaw() - { - return AllocateRaw(Tpool->first_free_index); - } - +private: /** * Allocate a pool item; possibly allocate a new block in the pool. * @param first the first pool item to start searching + * @pre first <= Tpool->GetSize() * @return the allocated pool item (or NULL when the pool is full). */ - static inline T *AllocateRaw(uint &first) + static inline T *AllocateSafeRaw(uint &first) { uint last_minus_one = Tpool->GetSize() - 1; @@ -270,6 +262,28 @@ protected: return NULL; } +protected: + /** + * Allocate a pool item; possibly allocate a new block in the pool. + * @return the allocated pool item (or NULL when the pool is full). + */ + static inline T *AllocateRaw() + { + return AllocateSafeRaw(Tpool->first_free_index); + } + + /** + * Allocate a pool item; possibly allocate a new block in the pool. + * @param first the first pool item to start searching + * @return the allocated pool item (or NULL when the pool is full). + */ + static inline T *AllocateRaw(uint &first) + { + if (first >= Tpool->GetSize() && !Tpool->AddBlockToPool()) return NULL; + + return AllocateSafeRaw(first); + } + /** * Are we cleaning this pool? * @return true if we are |