aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarkus Uhlin <markus@nifty-networks.net>2025-03-23 13:09:52 +0100
committerMarkus Uhlin <markus@nifty-networks.net>2025-03-23 13:09:52 +0100
commit6c2eba74942c4a531fac4f7c3f2f1a46e79cc438 (patch)
tree84729ae2b95a0c0cd33966501994bb2bd7595b98
parenteebc825631f1d407cf1f66f4fd8d50bb48c94946 (diff)
Fixed overflowed array index write
Diffstat
-rw-r--r--FICS/playerdb.c34
1 files changed, 26 insertions, 8 deletions
diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index cf7a014..238425a 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -1788,17 +1788,26 @@ player_new_pendto(int p)
PUBLIC int
player_remove_pendto(int p, int p1, int type)
{
- int w;
+ bool removed = false;
+ int w;
if ((w = player_find_pendto(p, p1, type)) < 0)
return -1;
- for (; w < (parray[p].num_to - 1); w++)
+ for (; w < (parray[p].num_to - 1); w++) {
+ if (w + 1 >= (int)ARRAY_SIZE(parray[0].p_to_list)) {
+ warnx("%s: overflowed array index write", __func__);
+ break;
+ }
+
parray[p].p_to_list[w] = parray[p].p_to_list[w + 1];
+ removed = true;
+ }
- parray[p].num_to = (parray[p].num_to - 1);
+ if (removed)
+ parray[p].num_to -= 1;
- return 0;
+ return (removed ? 0 : -1);
}
PUBLIC int
@@ -1842,17 +1851,26 @@ player_new_pendfrom(int p)
PUBLIC int
player_remove_pendfrom(int p, int p1, int type)
{
- int w;
+ bool removed = false;
+ int w;
if ((w = player_find_pendfrom(p, p1, type)) < 0)
return -1;
- for (; w < (parray[p].num_from - 1); w++)
+ for (; w < (parray[p].num_from - 1); w++) {
+ if (w + 1 >= (int)ARRAY_SIZE(parray[0].p_from_list)) {
+ warnx("%s: overflowed array index write", __func__);
+ break;
+ }
+
parray[p].p_from_list[w] = parray[p].p_from_list[w + 1];
+ removed = true;
+ }
- parray[p].num_from = (parray[p].num_from - 1);
+ if (removed)
+ parray[p].num_from -= 1;
- return 0;
+ return (removed ? 0 : -1);
}
PUBLIC int
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-25 23:56:52 +0000