From 4282ec57f3cffbae381ed9cb40ab3a3c56dc906e Mon Sep 17 00:00:00 2001 From: Shauren Date: Wed, 25 Feb 2015 16:13:58 +0100 Subject: Core/DataStores: Fixed out of bounds array access in DBStorageIterator --- src/server/shared/DataStores/DBStorageIterator.h | 30 +++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/server/shared/DataStores/DBStorageIterator.h b/src/server/shared/DataStores/DBStorageIterator.h index 0bd7e7dcaa9..a34cd6677c2 100644 --- a/src/server/shared/DataStores/DBStorageIterator.h +++ b/src/server/shared/DataStores/DBStorageIterator.h @@ -26,7 +26,15 @@ class DBStorageIterator : public std::iterator { public: DBStorageIterator() : _index(nullptr), _pos(0), _end(0) { } - DBStorageIterator(T** index, uint32 size, uint32 pos = 0) : _index(index), _pos(pos), _end(size) { while (_pos < _end && !_index[++_pos]); } + DBStorageIterator(T** index, uint32 size, uint32 pos = 0) : _index(index), _pos(pos), _end(size) + { + if (_pos < _end) + { + do + ++_pos; + while (_pos < _end && !_index[_pos]); + } + } T* operator->() { return _index[_pos]; } T* operator*() { return _index[_pos]; } @@ -34,8 +42,24 @@ public: bool operator==(DBStorageIterator const& right) const { /*ASSERT(_index == right._index, "Iterator belongs to a different container")*/ return _pos == right._pos; } bool operator!=(DBStorageIterator const& right) const { return !(*this == right); } - DBStorageIterator& operator++() { while (_pos < _end && !_index[++_pos]); return *this; } - DBStorageIterator operator++(int) { DBStorageIterator tmp = *this; ++*this; return tmp; } + DBStorageIterator& operator++() + { + if (_pos < _end) + { + do + ++_pos; + while (_pos < _end && !_index[_pos]); + } + + return *this; + } + + DBStorageIterator operator++(int) + { + DBStorageIterator tmp = *this; + ++*this; + return tmp; + } private: T** _index; -- cgit v1.2.3