From 01bfb1540f9e6dba72897b5e8cc317aba3e2d036 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Sun, 25 Sep 2016 16:57:52 +0100
Subject: [PATCH] UI_BuildFindPlayerList: avoid array underflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This function is used in the Team Arena menus I don't think it's actually possible to reach this line with foundPlayerServerNames < 1, because by the time we get here we have set it to 1 + the actual number of servers; but if we did, it would clearly underflow into foundPlayerServerNames[-1], which would be undefined behaviour. gcc 6 diagnoses this with a warning: code/ui/ui_main.c: In function ‘UI_BuildFindPlayerList’: code/ui/ui_main.c:4138:16: warning: array subscript is below array bounds [-Warray-bounds] Also correct the sizeof() invocation to make it more obviously correct (in fact the buffers for names and addresses happen to both be of size MAX_ADDRESSLENGTH, so it was fine, but it's good to be obvious).
---
 code/ui/ui_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/code/ui/ui_main.c b/code/ui/ui_main.c
index a1539f33..044c00ff 100644
--- a/code/ui/ui_main.c
+++ b/code/ui/ui_main.c
@@ -4135,7 +4135,7 @@ static void UI_BuildFindPlayerList(qboolean force) {
 else {
 // add a line that shows the number of servers found
 if (!uiInfo.numFoundPlayerServers) {
- Com_sprintf(uiInfo.foundPlayerServerNames[uiInfo.numFoundPlayerServers-1], sizeof(uiInfo.foundPlayerServerAddresses[0]), "no servers found");
+ Com_sprintf(uiInfo.foundPlayerServerNames[0], sizeof(uiInfo.foundPlayerServerNames[0]), "no servers found");
 }
 else {
 Com_sprintf(uiInfo.foundPlayerServerNames[uiInfo.numFoundPlayerServers-1], sizeof(uiInfo.foundPlayerServerAddresses[0]),
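Review bot: The else branch in the trailing context still bounds its write into `uiInfo.foundPlayerServerNames[uiInfo.numFoundPlayerServers-1]` with `sizeof(uiInfo.foundPlayerServerAddresses[0])`, the same destination/size mismatch this commit corrects one branch above. Per the commit message both buffers are currently MAX_ADDRESSLENGTH, so nothing overflows today, but a bound taken from a different array than the destination goes wrong silently if either element size ever changes; I would use `sizeof(uiInfo.foundPlayerServerNames[0])` there too. That Com_sprintf call continues past the end of the hunk, so its format string and remaining arguments are not visible here. A short comment on the new line such as `// count is expected to be >= 1 here; index 0 avoids [-1] if it is ever 0` would keep the reasoning from the commit message next to the code.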