You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In void Packet::Recv_string(char *buffer, size_t size, bool allow_newlines) a string is cut off at buffer + size. If buffer + size - 1] is the begin of a 2 byte Unicode character that gets encoded into 4 bytes str_validate will later read over the null termination.
The same can (does) happen at many other places where str_validate is called. The solution would be to pass a lastof pointer or something equivalent to str_validate and make str_validate cut off the whole 'unfinished' encoded Unicode character.
Rubidium opened the ticket and wrote:
Reported version: trunk
Operating system: All
This issue was imported from FlySpray: https://bugs.openttd.org/task/2698
The text was updated successfully, but these errors were encountered: