From 46bc8cca4d1d63a23997870d0bda6c9471eb1e80 Mon Sep 17 00:00:00 2001
From: Adam Johnson
Date: Sat, 2 Oct 2021 00:55:10 -0400
Subject: [PATCH] Correctly allocate the NetVaultNode in pyVaultPlayerInfoListNode.
The affected code was ported from H'uru where NetVaultNode has a zeroing constructor. OU does not have a zeroing constructor for this class, and instead assumes that all allocations will be done with NEWZERO (there is a debug mode assertion to this effect). The result of the improper allocation is that the node fields flag could be garbage, causing a vault node with random contents to be written to the server. Unfortunately, NetVaultNode::Read_LCS is not extremely resilient to reading in unexpected data, so this may result in a crash.
---
 .../Plasma/FeatureLib/pfPython/pyVaultPlayerInfoListNode.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Sources/Plasma/FeatureLib/pfPython/pyVaultPlayerInfoListNode.cpp b/Sources/Plasma/FeatureLib/pfPython/pyVaultPlayerInfoListNode.cpp
index 7e1cfb1d..7a4c489e 100644
--- a/Sources/Plasma/FeatureLib/pfPython/pyVaultPlayerInfoListNode.cpp
+++ b/Sources/Plasma/FeatureLib/pfPython/pyVaultPlayerInfoListNode.cpp
@@ -107,7 +107,7 @@ void pyVaultPlayerInfoListNode::AddPlayer( UInt32 playerID )
 if (HasPlayer(playerID) || !fNode)
 return;
- NetVaultNode* templateNode = new NetVaultNode();
+ NetVaultNode* templateNode = NEWZERO(NetVaultNode);
 templateNode->IncRef();
 templateNode->SetNodeType(plVault::kNodeType_PlayerInfo);
 VaultPlayerInfoNode access(templateNode);
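Review bot: The corrected allocation on the `NEWZERO(NetVaultNode)` line still depends on every caller remembering that this class has no zeroing constructor. Per the commit message only a debug-mode assertion catches a plain `new`, so a release build would again write uninitialised heap contents to the server. I would add a comment above the line, `// NetVaultNode has no zeroing ctor here: allocate with NEWZERO or the field flags are garbage`, and check any other code ported from H'uru for `new NetVaultNode`. The description also says `NetVaultNode::Read_LCS` does not cope well with unexpected data; that reader is outside this patch, so it presumably remains a crash risk for any malformed node that reaches it and deserves its own validation fix. The body of `AddPlayer` continues past the end of the hunk, so the release of the `IncRef()` taken on `templateNode` cannot be checked from here.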