From 01a743cd351d146e9b9ea7f7ca5b1c05e01da68e Mon Sep 17 00:00:00 2001 From: Simon Howard Date: Sun, 22 Feb 2015 00:28:23 -0500 Subject: Fix mistaken uses of memcpy() on overlapping memory. The source and destination arguments to memcpy() cannot be overlapping as this is undefined behavior. In these situations memmove() must be used instead, and OpenBSD actually throws an error if this is done. Thanks to ryan-sg for reporting this. This fixes #510. --- src/net_client.c | 4 ++-- src/net_server.c | 3 ++- src/net_structrw.c | 2 +- textscreen/txt_io.c | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/net_client.c b/src/net_client.c index e0037e3e..ac81e367 100644 --- a/src/net_client.c +++ b/src/net_client.c @@ -279,8 +279,8 @@ static void NET_CL_AdvanceWindow(void) // Advance the window - memcpy(recvwindow, recvwindow + 1, - sizeof(net_server_recv_t) * (BACKUPTICS - 1)); + memmove(recvwindow, recvwindow + 1, + sizeof(net_server_recv_t) * (BACKUPTICS - 1)); memset(&recvwindow[BACKUPTICS-1], 0, sizeof(net_server_recv_t)); ++recvwindow_start; diff --git a/src/net_server.c b/src/net_server.c index b4496bb5..b3ec1693 100644 --- a/src/net_server.c +++ b/src/net_server.c @@ -514,7 +514,8 @@ static void NET_SV_AdvanceWindow(void) // Advance the window - memcpy(recvwindow, recvwindow + 1, sizeof(*recvwindow) * (BACKUPTICS - 1)); + memmove(recvwindow, recvwindow + 1, + sizeof(*recvwindow) * (BACKUPTICS - 1)); memset(&recvwindow[BACKUPTICS-1], 0, sizeof(*recvwindow)); ++recvwindow_start; diff --git a/src/net_structrw.c b/src/net_structrw.c index 60316dc7..a820df5f 100644 --- a/src/net_structrw.c +++ b/src/net_structrw.c @@ -316,7 +316,7 @@ void NET_TiccmdDiff(ticcmd_t *tic1, ticcmd_t *tic2, net_ticdiff_t *diff) void NET_TiccmdPatch(ticcmd_t *src, net_ticdiff_t *diff, ticcmd_t *dest) { - memcpy(dest, src, sizeof(ticcmd_t)); + memmove(dest, src, sizeof(ticcmd_t)); // Apply the diff diff --git a/textscreen/txt_io.c b/textscreen/txt_io.c index ed25503c..0c5e274f 100644 --- a/textscreen/txt_io.c +++ b/textscreen/txt_io.c @@ -39,8 +39,8 @@ static void NewLine(unsigned char *screendata) cur_y = TXT_SCREEN_H - 1; - memcpy(screendata, screendata + TXT_SCREEN_W * 2, - TXT_SCREEN_W * 2 * (TXT_SCREEN_H -1)); + memmove(screendata, screendata + TXT_SCREEN_W * 2, + TXT_SCREEN_W * 2 * (TXT_SCREEN_H -1)); // Clear the bottom line -- cgit v1.2.3