Core/Transports: Fix array overflow

Fix an array overflow in TransportMgr::GeneratePath() spline code. Valgrind log: Invalid read of size 4 at : G3D::Vector3::operator*(float) const (Vector3.h:650) by : Movement::C_Evaluate(G3D::Vector3 const*, float, G3D::Matrix4 const&, G3D::Vector3&) (Spline.cpp:103) by : Movement::SplineBase::SegLengthCatmullRom(int) const (Spline.cpp:171) by : Movement::SplineBase::SegLength(int) const (in /home/jackpoz/trinity/bin/worldserver) by : Movement::Spline<double>::initLengths() (SplineImpl.h:86) by : TransportMgr::GeneratePath(GameObjectTemplate const*, TransportTemplate*) (TransportMgr.cpp:125) by : TransportMgr::LoadTransportTemplates() (TransportMgr.cpp:78) Address 0x1d07d154 is 8 bytes after a block of size 300 alloc'd
author: jackpoz <giacomopoz@gmail.com> 2013-12-30 16:15:37 +0100
committer: jackpoz <giacomopoz@gmail.com> 2013-12-30 16:15:37 +0100
commit: 799daaae551556fce9a261c1280dd54cfd45aedd (patch)
tree: 8bdbb1fc6632b53a0b9aa52e2c8333b7d5111beb
parent: 99b0ee19ca1711b030d6bdccc0faa4ed0ea54419 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/server/game/Maps/TransportMgr.cpp b/src/server/game/Maps/TransportMgr.cpp
index 8e768924eb8..328342ab303 100644
--- a/src/server/game/Maps/TransportMgr.cpp
+++ b/src/server/game/Maps/TransportMgr.cpp
@@ -98,7 +98,7 @@ public:
         cyclic = false;
         points.assign(_points.begin(), _points.end());
         lo = 1;
-        hi = points.size();
+        hi = points.size() - 2;
     }
 
     Movement::PointsArray& _points;
author	jackpoz <giacomopoz@gmail.com>	2013-12-30 16:15:37 +0100
committer	jackpoz <giacomopoz@gmail.com>	2013-12-30 16:15:37 +0100
commit	799daaae551556fce9a261c1280dd54cfd45aedd (patch)
tree	8bdbb1fc6632b53a0b9aa52e2c8333b7d5111beb
parent	99b0ee19ca1711b030d6bdccc0faa4ed0ea54419 (diff)