From fb0afc9cca83d97a3972383da3b54b7584a55fd6 Mon Sep 17 00:00:00 2001 From: rubidium Date: Thu, 24 Apr 2008 11:56:15 +0000 Subject: [PATCH] (svn r12865) [0.6] -Backport from trunk r12856, r12809, r12808, r12637, r12574: - Fix: Ensure that prop 25 is set for all vehicles in the consist before other properties as it could cause desyncs (r12856) - Fix: Possible out of bounds array access (r12809) - Fix: Enforce autorenew values range in command (r12808) - Fix: Possible NULL pointer dereference when reading some NewGRF data [FS#1913] (r12637) - Fix: Binding to a specific IP could cause OpenTTD to not register properly with the masterserver if one has multiple external interfaces (r12574) --- src/aircraft_cmd.cpp | 6 ++++-- src/lang/english.txt | 2 +- src/network/core/config.h | 9 ++------- src/network/core/udp.cpp | 3 +++ src/network/network_udp.cpp | 4 ++-- src/players.cpp | 4 ++++ src/train_cmd.cpp | 19 ++++++++++++++----- 7 files changed, 30 insertions(+), 17 deletions(-) diff --git a/src/aircraft_cmd.cpp b/src/aircraft_cmd.cpp index 8168e21443..9cfa3ba143 100644 --- a/src/aircraft_cmd.cpp +++ b/src/aircraft_cmd.cpp @@ -190,15 +190,17 @@ void DrawAircraftEngine(int x, int y, EngineID engine, SpriteID pal) { const AircraftVehicleInfo* avi = AircraftVehInfo(engine); int spritenum = avi->image_index; - SpriteID sprite = (6 + _aircraft_sprite[spritenum]); + SpriteID sprite = 0; if (is_custom_sprite(spritenum)) { sprite = GetCustomVehicleIcon(engine, DIR_W); if (sprite == 0) { spritenum = _orig_aircraft_vehicle_info[engine - AIRCRAFT_ENGINES_INDEX].image_index; - sprite = (6 + _aircraft_sprite[spritenum]); } } + if (sprite == 0) { + sprite = 6 + _aircraft_sprite[spritenum]; + } DrawSprite(sprite, pal, x, y); diff --git a/src/lang/english.txt b/src/lang/english.txt index fa5efb42ab..e694e23bb0 100644 --- a/src/lang/english.txt +++ b/src/lang/english.txt @@ -1064,7 +1064,7 @@ STR_CONFIG_PATCHES_ORDER_REVIEW_ON :of all vehicles STR_CONFIG_PATCHES_WARN_INCOME_LESS :{LTBLUE}Warn if a train's income is negative: {ORANGE}{STRING1} STR_CONFIG_PATCHES_NEVER_EXPIRE_VEHICLES :{LTBLUE}Vehicles never expire: {ORANGE}{STRING1} STR_CONFIG_PATCHES_AUTORENEW_VEHICLE :{LTBLUE}Autorenew vehicle when it gets old -STR_CONFIG_PATCHES_AUTORENEW_MONTHS :{LTBLUE}Autorenew when vehice is {ORANGE}{STRING1}{LTBLUE} months before/after max age +STR_CONFIG_PATCHES_AUTORENEW_MONTHS :{LTBLUE}Autorenew when vehicle is {ORANGE}{STRING1}{LTBLUE} months before/after max age STR_CONFIG_PATCHES_AUTORENEW_MONEY :{LTBLUE}Autorenew minimum needed money for renew: {ORANGE}{STRING1} STR_CONFIG_PATCHES_ERRMSG_DURATION :{LTBLUE}Duration of error message: {ORANGE}{STRING1} STR_CONFIG_PATCHES_POPULATION_IN_LABEL :{LTBLUE}Show town population in the town name label: {ORANGE}{STRING1} diff --git a/src/network/core/config.h b/src/network/core/config.h index f2f21c59dc..d9f8ac58d4 100644 --- a/src/network/core/config.h +++ b/src/network/core/config.h @@ -38,14 +38,9 @@ enum { /** * Maximum number of GRFs that can be sent. * This value is related to number of handles (files) OpenTTD can open. - * This is currently 64 and about 10 are currently used when OpenTTD loads - * without any NewGRFs. Therefore one can only load about 55 NewGRFs, so - * this is not a limit, but rather a way to easily check whether the limit - * imposed by the handle count is reached. Secondly it isn't possible to - * send much more GRF IDs + MD5sums in the PACKET_UDP_SERVER_RESPONSE, due - * to the limited size of UDP packets. + * This is currently 64. Two are used for configuration and sound. */ - NETWORK_MAX_GRF_COUNT = 55, + NETWORK_MAX_GRF_COUNT = 62, NETWORK_NUM_LANGUAGES = 29, ///< Number of known languages (to the network protocol) + 1 for 'any'. /** diff --git a/src/network/core/udp.cpp b/src/network/core/udp.cpp index 6c8b56a533..77a4c81aec 100644 --- a/src/network/core/udp.cpp +++ b/src/network/core/udp.cpp @@ -221,6 +221,9 @@ void NetworkUDPSocketHandler::Recv_NetworkGameInfo(Packet *p, NetworkGameInfo *i uint i; uint num_grfs = p->Recv_uint8(); + /* Broken/bad data. It cannot have that many NewGRFs. */ + if (num_grfs > NETWORK_MAX_GRF_COUNT) return; + for (i = 0; i < num_grfs; i++) { GRFConfig *c = CallocT(1); this->Recv_GRFIdentifier(p, c); diff --git a/src/network/network_udp.cpp b/src/network/network_udp.cpp index 3ffe45f9b9..2afe4e019b 100644 --- a/src/network/network_udp.cpp +++ b/src/network/network_udp.cpp @@ -519,7 +519,7 @@ void NetworkUDPRemoveAdvertise() /* check for socket */ if (!_udp_master_socket->IsConnected()) { - if (!_udp_master_socket->Listen(0, 0, false)) return; + if (!_udp_master_socket->Listen(_network_server_bind_ip, 0, false)) return; } DEBUG(net, 1, "[udp] removing advertise from master server"); @@ -549,7 +549,7 @@ void NetworkUDPAdvertise() /* check for socket */ if (!_udp_master_socket->IsConnected()) { - if (!_udp_master_socket->Listen(0, 0, false)) return; + if (!_udp_master_socket->Listen(_network_server_bind_ip, 0, false)) return; } if (_network_need_advertise) { diff --git a/src/players.cpp b/src/players.cpp index 0e2bf50868..5a082fc463 100644 --- a/src/players.cpp +++ b/src/players.cpp @@ -670,6 +670,7 @@ CommandCost CmdSetAutoReplace(TileIndex tile, uint32 flags, uint32 p1, uint32 p2 } break; case 1: + if (Clamp((int16)p2, -12, 12) != (int16)p2) return CMD_ERROR; if (p->engine_renew_months == (int16)p2) return CMD_ERROR; @@ -682,6 +683,7 @@ CommandCost CmdSetAutoReplace(TileIndex tile, uint32 flags, uint32 p1, uint32 p2 } break; case 2: + if (ClampU(p2, 0, 2000000) != p2) return CMD_ERROR; if (p->engine_renew_money == (uint32)p2) return CMD_ERROR; @@ -730,6 +732,8 @@ CommandCost CmdSetAutoReplace(TileIndex tile, uint32 flags, uint32 p1, uint32 p2 } case 4: + if (Clamp((int16)GB(p1, 16, 16), -12, 12) != (int16)GB(p1, 16, 16)) return CMD_ERROR; + if (ClampU(p2, 0, 2000000) != p2) return CMD_ERROR; if (flags & DC_EXEC) { p->engine_renew = HasBit(p1, 15); p->engine_renew_months = (int16)GB(p1, 16, 16); diff --git a/src/train_cmd.cpp b/src/train_cmd.cpp index a5cffd820e..aa87b50ff2 100644 --- a/src/train_cmd.cpp +++ b/src/train_cmd.cpp @@ -200,12 +200,24 @@ void TrainConsistChanged(Vehicle* v) /* Check the v->first cache. */ assert(u->First() == v); - if (!HasBit(EngInfo(u->engine_type)->misc_flags, EF_RAIL_TILTS)) train_can_tilt = false; - /* update the 'first engine' */ u->u.rail.first_engine = v == u ? INVALID_ENGINE : first_engine; u->u.rail.railtype = rvi_u->railtype; + /* Set user defined data to its default value */ + u->u.rail.user_def_data = rvi_u->user_def_data; + } + + for (Vehicle *u = v; u != NULL; u = u->Next()) { + /* Update user defined data (must be done before other properties) */ + u->u.rail.user_def_data = GetVehicleProperty(u, 0x25, u->u.rail.user_def_data); + } + + for (Vehicle *u = v; u != NULL; u = u->Next()) { + const RailVehicleInfo *rvi_u = RailVehInfo(u->engine_type); + + if (!HasBit(EngInfo(u->engine_type)->misc_flags, EF_RAIL_TILTS)) train_can_tilt = false; + if (IsTrainEngine(u)) first_engine = u->engine_type; /* Cache wagon override sprite group. NULL is returned if there is none */ @@ -214,9 +226,6 @@ void TrainConsistChanged(Vehicle* v) /* Reset color map */ u->colormap = PAL_NONE; - /* Set user defined data (must be done before other properties) */ - u->u.rail.user_def_data = GetVehicleProperty(u, 0x25, rvi_u->user_def_data); - if (rvi_u->visual_effect != 0) { u->u.rail.cached_vis_effect = rvi_u->visual_effect; } else {