Follow-up Comment #9, bug #20003 (project freeciv):

> (What seems odd is that the exploit seems to send many 0xff's,
> and I would have expected the opposite)

Problem is that in error situation - when there's no more data -
dio_get_uint8() returns 0, not 255. So if there's not enough data, it will try
to read it in infinite loop.

I see two possible ways to fix this. I have to investigate consequences to
other parts of the code more to decide better one.


Reply to this item at:


  Message sent via/by Gna!

Freeciv-dev mailing list

Reply via email to