0ct0pu5/wesnoth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix a bug which could cause the terrain_builder to crash

Browse source 
The terrain builder logic assumes that the min_types list is
empty whenever the min_constraint pointer is null, and based on
this, dereferences the pointer. However, in subsequent passes of
the outer loop the pointer is initialized to null while the list
is not cleared. According to coverity this can actually cause
a null pointer dereference in explicit cases.

We fix it by explicitly re-initializing the list on each pass.
This commit is contained in:
Chris Beck 2014-07-01 01:41:43 -04:00
parent 80fbc45de2
commit 30e0106ebf
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/builder.cpp
View file

@ -1039,7 +1039,7 @@ void terrain_builder::build_terrains()
// We will keep a track of the matching terrains of this constraint
// and later try to apply the rule only on them
size_t min_size = INT_MAX;
t_translation::t_list min_types;
t_translation::t_list min_types = t_translation::t_list(); // <-- This must be explicitly initialized, just as min_constraint is, at start of loop, or we get a null pointer dereference when we go through on later times.
const terrain_constraint *min_constraint = NULL;
BOOST_FOREACH(const terrain_constraint &constraint, rule.constraints)