[CF-Devel] Patch submission: bounds error
crossfire-devel at archives.real-time.com
crossfire-devel at archives.real-time.com
Fri Jan 16 17:12:08 CST 2004
Hello,
there is a bounds error in server/plugins.c: the array HookList has the size
NR_OF_HOOKS but the loop variable j counts from 0 to NR_OF_HOOKS
(inclusive).
The diff is against current CVS.
Andreas
-------------- next part --------------
Index: server/plugins.c
===================================================================
RCS file: /cvsroot/crossfire/crossfire/server/plugins.c,v
retrieving revision 1.22
diff -c -5 -r1.22 plugins.c
*** server/plugins.c 7 Nov 2003 19:54:49 -0000 1.22
--- server/plugins.c 16 Jan 2004 22:34:05 -0000
***************
*** 220,230 ****
int j;
i = 0;
HookParm = (CFParm *)(malloc(sizeof(CFParm)));
HookParm->Value[0]=(int *)(malloc(sizeof(int)));
! for(j=1; j<=NR_OF_HOOKS;j++)
{
memcpy(HookParm->Value[0], &j, sizeof(int));
HookParm->Value[1] = HookList[j];
/*switch(j)
{
--- 220,230 ----
int j;
i = 0;
HookParm = (CFParm *)(malloc(sizeof(CFParm)));
HookParm->Value[0]=(int *)(malloc(sizeof(int)));
! for(j=1; j<NR_OF_HOOKS;j++)
{
memcpy(HookParm->Value[0], &j, sizeof(int));
HookParm->Value[1] = HookList[j];
/*switch(j)
{
***************
*** 541,551 ****
int j;
i = 0;
HookParm = (CFParm *)(malloc(sizeof(CFParm)));
HookParm->Value[0]=(int *)(malloc(sizeof(int)));
! for(j=1; j<=NR_OF_HOOKS;j++)
{
memcpy(HookParm->Value[0], &j, sizeof(int));
HookParm->Value[1] = HookList[j];
/*switch(j)
{
--- 541,551 ----
int j;
i = 0;
HookParm = (CFParm *)(malloc(sizeof(CFParm)));
HookParm->Value[0]=(int *)(malloc(sizeof(int)));
! for(j=1; j<NR_OF_HOOKS;j++)
{
memcpy(HookParm->Value[0], &j, sizeof(int));
HookParm->Value[1] = HookList[j];
/*switch(j)
{
-------------- next part --------------
_______________________________________________
crossfire-devel mailing list
crossfire-devel at lists.real-time.com
https://mailman.real-time.com/mailman/listinfo/crossfire-devel
More information about the crossfire
mailing list