author | Milek7 <Milek7@users.noreply.github.com> | 2021-04-17 20:19:37 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-17 19:19:37 +0100 |
commit | aade177d79259fee204fdac8a5fbaef603a957c9 (patch) | |
tree | fdaf3643d42b1f597d336ee36304e5375090c100 /src | |
parent | da55286c2c83a554130e7712343ddcd2f3f063c7 (diff) | |
download | openttd-aade177d79259fee204fdac8a5fbaef603a957c9.tar.xz |
Fix: Corrupted savegame could cause heap corruption by writing outside link graph edge matrix. (#9046)
Diffstat (limited to 'src')
-rw-r--r-- | src/saveload/linkgraph_sl.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/saveload/linkgraph_sl.cpp b/src/saveload/linkgraph_sl.cpp
index a597edfc4..f571e331a 100644
--- a/src/saveload/linkgraph_sl.cpp
+++ b/src/saveload/linkgraph_sl.cpp
@@ -151,6 +151,7 @@ void SaveLoad_LinkGraph(LinkGraph &lg)
 } else {
 /* ... but as that wasted a lot of space we save a sparse matrix now. */
 for (NodeID to = from; to != INVALID_NODE; to = lg.edges[from][to].next_edge) {
+ if (to >= size) SlErrorCorrupt("Link graph structure overflow");
 SlObject(&lg.edges[from][to], _edge_desc);
 }
 }
|
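Review bot: The `next_edge` chain walked by this loop is still unbounded in length: the added `to >= size` check rejects an out-of-range index, but a corrupted savegame whose chain revisits an in-range node passes the check on every iteration and keeps loading into the same cells. Termination then appears to depend on `SlObject` failing once the input is exhausted, which is not visible in this hunk. A well-formed sparse row should not hold more than `size` edges, so a per-row counter would close the gap: `uint visited = 0;` before the loop and `if (to >= size || ++visited > size) SlErrorCorrupt("Link graph structure overflow");` inside it. A short comment such as `/* next_edge is read from the savegame, so validate it before indexing. */` would also help; `size` and the rest of `SaveLoad_LinkGraph` lie outside the hunk, so confirm that `size` matches the allocated dimensions of the edge matrix.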