From: sfan5 <sfan5@live.de>
Date: Thu, 15 Aug 2019 15:17:17 +0000 (+0200)
Subject: network: Fix crash in ReliablePacketBuffer on mismatching packets
X-Git-Tag: 5.1.0~101
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c4491165da36db5c6a3e401cd439dbaedb65c9b6;p=oweals%2Fminetest.git

network: Fix crash in ReliablePacketBuffer on mismatching packets

In the error condition the exception would be thrown before m_list_size
is decremented, causing a nullptr dereference in e.g. popFirst().
---

diff --git a/src/network/connection.cpp b/src/network/connection.cpp
index 913088da7..3c6cc5f3f 100644
--- a/src/network/connection.cpp
+++ b/src/network/connection.cpp
@@ -322,6 +322,10 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
 	}
 
 	if (s == seqnum) {
+		/* nothing to do this seems to be a resent packet */
+		/* for paranoia reason data should be compared */
+		--m_list_size;
+
 		if (
 			(readU16(&(i->data[BASE_HEADER_SIZE+1])) != seqnum) ||
 			(i->data.getSize() != p.data.getSize()) ||
@@ -340,10 +344,6 @@ void ReliablePacketBuffer::insert(BufferedPacket &p,u16 next_expected)
 					p.address.serializeString().c_str());
 			throw IncomingDataCorruption("duplicated packet isn't same as original one");
 		}
-
-		/* nothing to do this seems to be a resent packet */
-		/* for paranoia reason data should be compared */
-		--m_list_size;
 	}
 	/* insert or push back */
 	else if (i != m_list.end()) {