shithub: choc

Info  •  Files  •  Log  •  Branches

Fix mistaken uses of memcpy() on overlapping memory.

The source and destination arguments to memcpy() cannot be overlapping
as this is undefined behavior. In these situations memmove() must be
used instead, and OpenBSD actually throws an error if this is done.

Thanks to ryan-sg for reporting this. This fixes #510.

--- a/src/net_client.c

+++ b/src/net_client.c

@@ -279,8 +279,8 @@

         // Advance the window

-        memcpy(recvwindow, recvwindow + 1, 

-               sizeof(net_server_recv_t) * (BACKUPTICS - 1));

+        memmove(recvwindow, recvwindow + 1,

+                sizeof(net_server_recv_t) * (BACKUPTICS - 1));

         memset(&recvwindow[BACKUPTICS-1], 0, sizeof(net_server_recv_t));

         ++recvwindow_start;

--- a/src/net_server.c

+++ b/src/net_server.c

@@ -514,7 +514,8 @@

         // Advance the window

-        memcpy(recvwindow, recvwindow + 1, sizeof(*recvwindow) * (BACKUPTICS - 1));

+        memmove(recvwindow, recvwindow + 1,

+                sizeof(*recvwindow) * (BACKUPTICS - 1));

         memset(&recvwindow[BACKUPTICS-1], 0, sizeof(*recvwindow));

         ++recvwindow_start;

--- a/src/net_structrw.c

+++ b/src/net_structrw.c

@@ -316,7 +316,7 @@

 void NET_TiccmdPatch(ticcmd_t *src, net_ticdiff_t *diff, ticcmd_t *dest)

 {

-    memcpy(dest, src, sizeof(ticcmd_t));

+    memmove(dest, src, sizeof(ticcmd_t));

     // Apply the diff

--- a/textscreen/txt_io.c

+++ b/textscreen/txt_io.c

@@ -39,8 +39,8 @@

         cur_y = TXT_SCREEN_H - 1;

-        memcpy(screendata, screendata + TXT_SCREEN_W * 2,

-               TXT_SCREEN_W * 2 * (TXT_SCREEN_H -1));

+        memmove(screendata, screendata + TXT_SCREEN_W * 2,

+                TXT_SCREEN_W * 2 * (TXT_SCREEN_H -1));

         // Clear the bottom line