From df84ecd043425be441c8788a0b696071fc5ddd2c Mon Sep 17 00:00:00 2001 From: Bernhard Liebl Date: Wed, 3 Jan 2018 21:08:44 +0100 Subject: [PATCH] Checks on input_buffer in PacketPeerStream --- core/io/packet_peer.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/io/packet_peer.cpp b/core/io/packet_peer.cpp index 472f6296d2c..7e090361716 100644 --- a/core/io/packet_peer.cpp +++ b/core/io/packet_peer.cpp @@ -164,6 +164,7 @@ Error PacketPeerStream::_poll_buffer() const { ERR_FAIL_COND_V(peer.is_null(), ERR_UNCONFIGURED); int read = 0; + ERR_FAIL_COND_V(input_buffer.size() < ring_buffer.space_left(), ERR_UNAVAILABLE); Error err = peer->get_partial_data(&input_buffer[0], ring_buffer.space_left(), read); if (err) return err; @@ -215,6 +216,7 @@ Error PacketPeerStream::get_packet(const uint8_t **r_buffer, int &r_buffer_size) uint32_t len = decode_uint32(lbuf); ERR_FAIL_COND_V(remaining < (int)len, ERR_UNAVAILABLE); + ERR_FAIL_COND_V(input_buffer.size() < len, ERR_UNAVAILABLE); ring_buffer.read(lbuf, 4); //get rid of first 4 bytes ring_buffer.read(&input_buffer[0], len); // read packet