diff options
| author | jackpoz <giacomopoz@gmail.com> | 2014-05-25 14:42:22 +0200 |
|---|---|---|
| committer | jackpoz <giacomopoz@gmail.com> | 2014-05-25 15:18:55 +0200 |
| commit | 5e66253de230ef3f9236ba71e94296d60b05aa3f (patch) | |
| tree | 4a4f9d46203da5647f7eb60a38999a39a74c8932 /src | |
| parent | 01b33a67726d04a2862fd079c02fb432e2b9ec9b (diff) | |
Core/Misc: Throw an exception if client sends invalid float/double data
Throw a ByteBufferException if client sends 1.#INF0000, 1.#QNAN000, 1.#IND0000 or other invalid float/double values.
Handle this invalid values in StaticMapTree::isInLineOfSight() to avoid triggering an assert.
Fixes #12126
Diffstat (limited to 'src')
| -rw-r--r-- | src/server/collision/Maps/MapTree.cpp | 3 | ||||
| -rw-r--r-- | src/server/shared/Packets/ByteBuffer.h | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/src/server/collision/Maps/MapTree.cpp b/src/server/collision/Maps/MapTree.cpp index bb57079c389..60069b5c81f 100644 --- a/src/server/collision/Maps/MapTree.cpp +++ b/src/server/collision/Maps/MapTree.cpp @@ -157,8 +157,7 @@ namespace VMAP { float maxDist = (pos2 - pos1).magnitude(); // return false if distance is over max float, in case of cheater teleporting to the end of the universe - if (maxDist == std::numeric_limits<float>::max() || - maxDist == std::numeric_limits<float>::infinity()) + if (maxDist == std::numeric_limits<float>::max() || !isfinite(maxDist)) return false; // valid map coords should *never ever* produce float overflow, but this would produce NaNs too diff --git a/src/server/shared/Packets/ByteBuffer.h b/src/server/shared/Packets/ByteBuffer.h index dd0a9d5fdf4..e06556423aa 100644 --- a/src/server/shared/Packets/ByteBuffer.h +++ b/src/server/shared/Packets/ByteBuffer.h @@ -241,12 +241,16 @@ class ByteBuffer ByteBuffer &operator>>(float &value) { value = read<float>(); + if (!isfinite(value)) + throw ByteBufferException(); return *this; } ByteBuffer &operator>>(double &value) { value = read<double>(); + if (!isfinite(value)) + throw ByteBufferException(); return *this; } |