aboutsummaryrefslogtreecommitdiff
path: root/src/frontend
diff options
context:
space:
mode:
authorLoek Le Blansch <loek@pipeframe.xyz>2024-10-06 19:02:24 +0200
committerLoek Le Blansch <loek@pipeframe.xyz>2024-10-06 19:02:24 +0200
commite31285fbadf76b1edf7ffc17ddfc06e9c204821a (patch)
tree483d0315f42a9acac64e7d83b23cf8f3b16ab59f /src/frontend
parent1609ecbe1e217c48189e377060b4068de90c594e (diff)
fix buffer overrun (fiddling finally working consistently)HEADmaster
Diffstat (limited to 'src/frontend')
-rw-r--r--src/frontend/qt_sdl/LocalMP.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/frontend/qt_sdl/LocalMP.cpp b/src/frontend/qt_sdl/LocalMP.cpp
index 8d3dd8a..a18a64f 100644
--- a/src/frontend/qt_sdl/LocalMP.cpp
+++ b/src/frontend/qt_sdl/LocalMP.cpp
@@ -489,6 +489,7 @@ int SendPacketGeneric(u32 type, u8* packet, int len, u64 timestamp)
#ifdef VSR_MESSAGE_FIDDLING
u16 pcmeta_type = *(u16*)(packet + 0x2a);
+ u16 pcmeta_body_len = *(u8*)(packet + 0x30);
if (fiddle && type == 1 && pictochat && pcmeta_type == 2) { // content type is message fragment
unsigned safe = 0;
@@ -499,7 +500,7 @@ int SendPacketGeneric(u32 type, u8* packet, int len, u64 timestamp)
safe = 0x24; // don't touch the first 0x24 bytes
}
- for (size_t i = safe; i < 0xa0; i++) {
+ for (size_t i = safe; i < pcmeta_body_len; i++) {
size_t msgdata_offset = content_offset + i - 0x24;
packet[0x36 + i] = VSR_PC_MSG_DATA[msgdata_offset];
}