Skip to content

Fix nodes and links bounds check. #474

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 18, 2024
Merged

Fix nodes and links bounds check. #474

merged 1 commit into from
Oct 18, 2024

Conversation

@malortie
Copy link
Contributor

@malortie malortie commented Oct 18, 2024
edited
Loading

For example, consider the following in nodes.cpp:

hlsdk-portable/dlls/nodes.cpp

Lines 1413 to 1416 in 13086d3

for( i = 0; i < m_cNodes; i++ )
{
pSrcNode = &m_pNodes[i];

hlsdk-portable/dlls/nodes.cpp

Lines 2651 to 2655 in 13086d3

for( i = 0; i < m_cLinks; i++ )
{
// go through all of the links
if( m_pLinkPool[i].m_pLinkEnt != NULL )
{

For nodes, i should always be less than m_cNodes and less than m_cLinks for links. Assuming it's the case, if m_cNodes = 11 then m_pNodes[11] should be invalid. If m_cLinks = 18 then m_pLinkPool[18] should also be invalid.

Methods Node(int i) and Link(int i) check whether i is a valid index.

hlsdk-portable/dlls/nodes.h

Lines 219 to 220 in 13086d3

if ( !m_pNodes || i < 0 || i > m_cNodes )
ALERT( at_error, "Bad Node!\n" );

hlsdk-portable/dlls/nodes.h

Lines 228 to 229 in 13086d3

if ( !m_pLinkPool || i < 0 || i > m_cLinks )
ALERT( at_error, "Bad link!\n" );

In the case of Node(int i), the last out of bound check is i > m_cNodes. If m_cNodes = 11 and i = 11, it shouldn't be valid but still passes. The same applies to Link(int i).

Quick test

  1. Build the latest version
  2. Open a map (e.g. c2a5a, used in the test)
  3. Put a breakpoint on both lines
  4. Upon hitting the breakpoint, change i to each of the following values and assert:

Note: m_cNodes = 11 and m_cLinks = 18 in c2a5a.

Node(int i)

i = -1, invalid index (OK) (because of i < 0)
i = 0, valid index (OK)
i = 10, valid index (OK)
i = 11, invalid index (FAIL) (because of i > m_cNodes)

Link(int i)

i = -1, invalid index (OK) (because of i < 0)
i = 0, valid index (OK)
i = 17, valid index (OK)
i = 18, invalid index (FAIL) (because of i > m_cLinks)

Changing to i >= m_cNodes and i >= m_cLinks makes the check work correctly. However, both methods should return NULL if it's invalid.

Conclusion

Note that it's just from a first look and a quick test. I don't know if there are cases or reasons that justify i > m_cNodes and i > m_cLinks. Further tests may or may not be required but I won't have time to make an in depth testing for now , so I'll leave this PR as draft . Feel free to leave open, merge or close.

@malortie malortie marked this pull request as ready for review October 18, 2024 01:23
@nekonomicon nekonomicon merged commit fb274f1 into FWGS:master Oct 18, 2024
4 checks passed
@malortie malortie deleted the fix-nodes-out-of-bound branch October 18, 2024 10:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@malortie @nekonomicon