check len before memcpy in UpdateDeck (#2652)

2bfb8198 · Chen Bill · GitHub · d376ed0e · 2bfb8198 · 2bfb8198
Commit 2bfb8198 authored Jan 24, 2025 by Chen Bill Committed by GitHub Jan 24, 2025
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

gframe/single_duel.cpp gframe/single_duel.cpp +2 -0

gframe/tag_duel.cpp gframe/tag_duel.cpp +2 -0

No files found.
--- a/gframe/single_duel.cpp
+++ b/gframe/single_duel.cpp
@@ -278,6 +278,8 @@ void SingleDuel::PlayerKick(DuelPlayer* dp, unsigned char pos) {
 void SingleDuel::UpdateDeck(DuelPlayer* dp, unsigned char* pdata, int len) {
 	if(dp->type > 1 || ready[dp->type])
 		return;
+	if (len < 8 || len > sizeof(CTOS_DeckData))
+		return;
 	bool valid = true;
 	CTOS_DeckData deckbuf;
 	std::memcpy(&deckbuf, pdata, len);

--- a/gframe/tag_duel.cpp
+++ b/gframe/tag_duel.cpp
@@ -261,6 +261,8 @@ void TagDuel::PlayerKick(DuelPlayer* dp, unsigned char pos) {
 void TagDuel::UpdateDeck(DuelPlayer* dp, unsigned char* pdata, int len) {
 	if(dp->type > 3 || ready[dp->type])
 		return;
+	if (len < 8 || len > sizeof(CTOS_DeckData))
+		return;
 	bool valid = true;
 	CTOS_DeckData deckbuf;
 	std::memcpy(&deckbuf, pdata, len);