From e626e07bd3083bc876b3cd309a2d58f78cf90bd5 Mon Sep 17 00:00:00 2001 From: rubidium Date: Sun, 28 Dec 2008 21:07:45 +0000 Subject: (svn r14759) -Fix (r14730): tab completion causing out-of-bounds read. --- src/network/core/tcp.h | 2 +- src/network/network_chat_gui.cpp | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/network/core/tcp.h b/src/network/core/tcp.h index 06d382f6c..84863ca2f 100644 --- a/src/network/core/tcp.h +++ b/src/network/core/tcp.h @@ -127,7 +127,7 @@ static inline bool IsValidNetworkClientSocketIndex(ClientIndex index) return (uint)index < GetNetworkClientSocketPoolSize() && GetNetworkClientSocket(index)->IsValid(); } -#define FOR_ALL_CLIENT_SOCKETS_FROM(d, start) for (d = (start < GetNetworkClientSocketPoolSize() ? GetNetworkClientSocket(start) : NULL); d != NULL; d = (d->index + 1U < GetNetworkClientSocketPoolSize()) ? GetNetworkClientSocket(d->index + 1U) : NULL) if (d->IsValid()) +#define FOR_ALL_CLIENT_SOCKETS_FROM(d, start) for (d = GetNetworkClientSocket(start); d != NULL; d = (d->index + 1U < GetNetworkClientSocketPoolSize()) ? GetNetworkClientSocket(d->index + 1U) : NULL) if (d->IsValid()) #define FOR_ALL_CLIENT_SOCKETS(d) FOR_ALL_CLIENT_SOCKETS_FROM(d, 0) typedef NetworkClientSocket NetworkTCPSocketHandler; diff --git a/src/network/network_chat_gui.cpp b/src/network/network_chat_gui.cpp index 4f4447779..43505cf75 100644 --- a/src/network/network_chat_gui.cpp +++ b/src/network/network_chat_gui.cpp @@ -300,12 +300,14 @@ struct NetworkChatWindow : public QueryStringBaseWindow { /* First, try clients */ if (*item < MAX_CLIENT_SLOTS) { - /* Skip inactive clients */ - NetworkClientInfo *ci; - FOR_ALL_CLIENT_INFOS_FROM(ci, *item + 1) break; - if (ci != NULL) { - *item = ci->index; - return ci->client_name; + if (*item + 1 < GetNetworkClientInfoPoolSize()) { + /* Skip inactive clients */ + NetworkClientInfo *ci; + FOR_ALL_CLIENT_INFOS_FROM(ci, *item + 1) break; + if (ci != NULL) { + *item = ci->index; + return ci->client_name; + } } *item = MAX_CLIENT_SLOTS; } -- cgit v1.2.3-54-g00ecf