Merge pull request #42 from dongresource/bugfix

Fixed a use-after-free and a memory leak.
CPunch 2020-08-25 17:42:22 -05:00 committed by GitHub
commit 60be814e16
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 6 deletions


@ -200,7 +200,7 @@ void CNSocket::step() {
if (activelyReading && readBufferIndex - readSize <= 0) { if (activelyReading && readBufferIndex - readSize <= 0) {
// decrypt readBuffer and copy to CNPacketData // decrypt readBuffer and copy to CNPacketData
CNSocketEncryption::decryptData(readBuffer, (uint8_t*)(&EKey), readSize); CNSocketEncryption::decryptData((uint8_t*)&readBuffer, (uint8_t*)(&EKey), readSize);
void* tmpBuf = xmalloc(readSize-sizeof(int32_t)); void* tmpBuf = xmalloc(readSize-sizeof(int32_t));
memcpy(tmpBuf, readBuffer+sizeof(uint32_t), readSize-sizeof(int32_t)); memcpy(tmpBuf, readBuffer+sizeof(uint32_t), readSize-sizeof(int32_t));
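Review bot: The length arithmetic around the new fixed-size buffer has no visible bounds check: `readSize` is a signed `int32_t` and `readSize-sizeof(int32_t)` is evaluated as unsigned, so a `readSize` below 4 wraps to a huge size for both `xmalloc` and `memcpy`, while a `readSize` above `MAX_PACKETSIZE` would now run past the end of the member array declared in the header section of this commit. If `step()` does not already reject such values where it obtains the length (that part is outside the hunk), add a guard such as `if (readSize < (int32_t)sizeof(int32_t) || readSize > MAX_PACKETSIZE) { /* drop the connection */ }` before the buffer is filled. The cast in `(uint8_t*)&readBuffer` is also unnecessary now that `readBuffer` is an array; plain `readBuffer` decays to the same pointer and does not hide a type mismatch.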


@ -104,7 +104,7 @@ private:
uint64_t EKey; uint64_t EKey;
uint64_t FEKey; uint64_t FEKey;
int32_t readSize = 0; int32_t readSize = 0;
uint8_t* readBuffer = new uint8_t[MAX_PACKETSIZE]; uint8_t readBuffer[MAX_PACKETSIZE];
int readBufferIndex = 0; int readBufferIndex = 0;
bool activelyReading = false; bool activelyReading = false;
bool alive = true; bool alive = true;


@ -55,18 +55,18 @@ void PlayerManager::removePlayer(CNSocket* key) {
for (CNSocket* otherSock : players[key].viewable) { for (CNSocket* otherSock : players[key].viewable) {
players[otherSock].viewable.remove(key); // gone players[otherSock].viewable.remove(key); // gone
// now sent PC_EXIT packet // now send PC_EXIT packet
sP_FE2CL_PC_EXIT exitPacket; sP_FE2CL_PC_EXIT exitPacket;
exitPacket.iID = players[key].plr->iID; exitPacket.iID = players[key].plr->iID;
otherSock->sendPacket((void*)&exitPacket, P_FE2CL_PC_EXIT, sizeof(sP_FE2CL_PC_EXIT)); otherSock->sendPacket((void*)&exitPacket, P_FE2CL_PC_EXIT, sizeof(sP_FE2CL_PC_EXIT));
} }
delete cachedView.plr;
players.erase(key);
std::cout << U16toU8(cachedView.plr->PCStyle.szFirstName) << U16toU8(cachedView.plr->PCStyle.szLastName) << " has left!" << std::endl; std::cout << U16toU8(cachedView.plr->PCStyle.szFirstName) << U16toU8(cachedView.plr->PCStyle.szLastName) << " has left!" << std::endl;
std::cout << players.size() << " players" << std::endl; std::cout << players.size() << " players" << std::endl;
delete cachedView.plr;
players.erase(key);
} }
void PlayerManager::updatePlayerPosition(CNSocket* sock, int X, int Y, int Z) { void PlayerManager::updatePlayerPosition(CNSocket* sock, int X, int Y, int Z) {
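Review bot: `sP_FE2CL_PC_EXIT exitPacket;` is declared without an initialiser and only `iID` is assigned before `sendPacket` transmits `sizeof(sP_FE2CL_PC_EXIT)` bytes, so any other field or padding in that struct (its layout is not visible here) would go out to the other clients as uninitialised stack memory. Value-initialising it, `sP_FE2CL_PC_EXIT exitPacket = {};`, closes that. Separately, the use-after-free fix now depends on statement order alone; a short comment above `delete cachedView.plr;`, for example `// plr is read by the log line above; free it only after the last use`, would keep a later reorder from reintroducing it. removePlayer begins above the hunk, so where `cachedView` is set up is not shown.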