Fixed possible pointer issues.

irungentoo 2014-04-19 11:28:46 -04:00
parent db3672bf3f
commit 39ac20fc2d
No known key found for this signature in database
GPG Key ID: 10349DC9BED89E98
2 changed files with 6 additions and 5 deletions


@ -2733,12 +2733,13 @@ static int messenger_load_state_callback(void *outer, uint8_t *data, uint32_t le
/* Load the messenger from data of size length. */
int messenger_load(Messenger *m, uint8_t *data, uint32_t length)
{
uint32_t cookie_len = 2 * sizeof(uint32_t);
uint32_t data32[2];
uint32_t cookie_len = sizeof(data32);
if (length < cookie_len)
return -1;
uint32_t *data32 = (uint32_t *)data;
memcpy(data32, data, sizeof(data32));
if (!data32[0] && (data32[1] == MESSENGER_STATE_COOKIE_GLOBAL))
return load_state(messenger_load_state_callback, m, data + cookie_len,
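Review bot: The `memcpy` into the local `data32[2]` carries no comment saying why the pointer cast was replaced, and the commit message is too vague to tell a later reader. Suggest adding `/* data may not be 4-byte aligned; copy the header out instead of casting */` above it so the `(uint32_t *)data` form is not reintroduced during cleanup. The two header words are still interpreted in host byte order, so if saved state is meant to move between machines of different endianness, that needs a separate follow-up. messenger_load continues past the end of this hunk.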


@ -99,11 +99,11 @@ int load_state(load_state_callback_func load_state_callback, void *outer,
uint16_t type;
uint32_t length_sub, cookie_type;
uint32_t size32 = sizeof(uint32_t), size_head = size32 * 2;
uint32_t size_head = sizeof(uint32_t) * 2;
while (length >= size_head) {
length_sub = *(uint32_t *)data;
cookie_type = *(uint32_t *)(data + size32);
memcpy(&length_sub, data, sizeof(length_sub));
memcpy(&cookie_type, data + sizeof(length_sub), sizeof(cookie_type));
data += size_head;
length -= size_head;
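Review bot: `size_head` is still written as `sizeof(uint32_t) * 2` while the two copies below it are sized from the variables, so the header length and the field offsets agree only as long as both fields stay `uint32_t`. Writing `uint32_t size_head = sizeof(length_sub) + sizeof(cookie_type);` would keep them tied together. Separately, `length_sub` is taken straight from the input buffer, and the check that it does not exceed the remaining `length` is not visible in this hunk; confirm it sits directly after `length -= size_head;` and before the callback sees `data`. The loop body continues outside the hunk.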