From a1fa7bf52513c388203590ab63c3c2297c971a32 Mon Sep 17 00:00:00 2001 From: jackpoz Date: Sun, 29 Sep 2013 12:26:56 +0200 Subject: Tools/VMAP Extractor: Fix memory issues Fix not-NULL terminated char buffer and uninitialized memory written to vmaps due to WMOLiquidHeader struct padding bytes left uninitialized. The padding bytes should be ignored anyway by VMAP Assembler so no re-extraction is required. Valgrind log: Syscall param write(buf) points to uninitialised byte(s) at 0x585FB50: __write_nocancel (syscall-template.S:81) by 0x57EE2F2: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1270) by 0x57EE1D1: new_do_write (fileops.c:546) by 0x57EF904: _IO_do_write@@GLIBC_2.2.5 (fileops.c:519) by 0x57EEB70: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1341) by 0x57E3EC4: fwrite (iofwrite.c:43) by 0x41161B: WMOGroup::ConvertToVMAPGroupWmo(_IO_FILE*, WMORoot*, bool) (wmo.cpp:386) by 0x407FA9: ExtractSingleWmo(std::string&) (vmapexport.cpp:215) by 0x407B16: ExtractWmo() (vmapexport.cpp:138) by 0x409D50: main (vmapexport.cpp:497) Address 0x40398e2 is not stack'd, malloc'd or (recently) free'd Uninitialised value was created by a heap allocation at 0x4C2C7A7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x410ADA: WMOGroup::open() (wmo.cpp:224) by 0x407F54: ExtractSingleWmo(std::string&) (vmapexport.cpp:208) by 0x407B16: ExtractWmo() (vmapexport.cpp:138) by 0x409D50: main (vmapexport.cpp:497)
---
 src/tools/vmap4_extractor/mpq_libmpq04.h | 3 ++- src/tools/vmap4_extractor/wmo.cpp | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'src/tools/vmap4_extractor')
diff --git a/src/tools/vmap4_extractor/mpq_libmpq04.h b/src/tools/vmap4_extractor/mpq_libmpq04.h
index 9f0163067c4..8986ca4e0c8 100644
--- a/src/tools/vmap4_extractor/mpq_libmpq04.h
+++ b/src/tools/vmap4_extractor/mpq_libmpq04.h
@@ -26,7 +26,8 @@ public:
 libmpq__off_t size, transferred;
 libmpq__file_unpacked_size(mpq_a, filenum, &size);
- char *buffer = new char[size];
+ char *buffer = new char[size + 1];
+ buffer[size] = '\0';
 libmpq__file_read(mpq_a, filenum, (unsigned char*)buffer, size, &transferred);
diff --git a/src/tools/vmap4_extractor/wmo.cpp b/src/tools/vmap4_extractor/wmo.cpp
index c606f06f6db..25a65f87e2c 100644
--- a/src/tools/vmap4_extractor/wmo.cpp
+++ b/src/tools/vmap4_extractor/wmo.cpp
@@ -221,7 +221,7 @@ bool WMOGroup::open()
 else if (!strcmp(fourcc,"MLIQ"))
 {
 liquflags |= 1;
- hlq = new WMOLiquidHeader;
+ hlq = new WMOLiquidHeader();
 f.read(hlq, 0x1E);
 LiquEx_size = sizeof(WMOLiquidVert) * hlq->xverts * hlq->yverts;
 LiquEx = new WMOLiquidVert[hlq->xverts * hlq->yverts];
-- cgit v1.2.3
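Review bot: `size` and `transferred` are declared without initialisers and the results of `libmpq__file_unpacked_size` and `libmpq__file_read` are not checked, so the new terminator at `buffer[size]` only helps when both calls succeed in full. If the size query fails, `new char[size + 1]` runs on an indeterminate value; if the read is short, the bytes between `transferred` and `size` are still uninitialised and sit in front of the terminator, where whatever parses the buffer after this hunk would presumably read them. Value-initialising the allocation closes the second case in one line, `char *buffer = new char[size + 1]();`, and `libmpq__off_t size = 0, transferred = 0;` plus an early exit when either call reports an error covers the first. The enclosing function starts and ends outside the hunk, so how the buffer is consumed and freed is not visible here.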
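Review bot: `hlq->xverts` and `hlq->yverts` come straight from the MLIQ chunk and are multiplied into `LiquEx_size` and the `new WMOLiquidVert[...]` count with no range check, and the result of `f.read(hlq, 0x1E)` is not checked either. A truncated or malformed WMO file can therefore drive an oversized allocation or, depending on the field types (not visible in this hunk), a product that wraps before it is used as a size; rejecting non-positive or implausibly large dimensions before the multiplication would contain that. Separately, `new WMOLiquidHeader()` zeroes the padding only while the struct has no user-provided constructor, so a comment such as `// value-initialise: padding bytes are written to the vmap file and must be zero` and a `static_assert(sizeof(WMOLiquidHeader) >= 0x1E, "MLIQ header read size");` would keep the fix from regressing. `WMOGroup::open()` starts and ends outside the hunk.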