Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-16 07:30:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core/Transports: Fix array overflow

Browse Source 
Fix an array overflow in TransportMgr::GeneratePath() spline code.

Valgrind log:
 Invalid read of size 4
  at : G3D::Vector3::operator*(float) const (Vector3.h:650)
  by : Movement::C_Evaluate(G3D::Vector3 const*, float, G3D::Matrix4 const&, G3D::Vector3&) (Spline.cpp:103)
  by : Movement::SplineBase::SegLengthCatmullRom(int) const (Spline.cpp:171)
  by : Movement::SplineBase::SegLength(int) const (in /home/jackpoz/trinity/bin/worldserver)
  by : Movement::Spline<double>::initLengths() (SplineImpl.h:86)
  by : TransportMgr::GeneratePath(GameObjectTemplate const*, TransportTemplate*) (TransportMgr.cpp:125)
  by : TransportMgr::LoadTransportTemplates() (TransportMgr.cpp:78)
 Address 0x1d07d154  is 8 bytes after a block of size 300 alloc'd
This commit is contained in:
jackpoz
2013-12-30 16:15:37 +01:00
parent 99b0ee19ca
commit 799daaae55
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/server/game/Maps/TransportMgr.cpp
View File

@@ -98,7 +98,7 @@ public:
cyclic = false;
points.assign(_points.begin(), _points.end());
lo = 1;
hi = points.size();
hi = points.size() - 2;
}
Movement::PointsArray& _points;