Follow-up Comment #9, bug #20003 (project freeciv):

> (What seems odd is that the exploit seems to send many 0xff's,
> and I would have expected the opposite)

Problem is that in error situation - when there's no more data -
dio_get_uint8() returns 0, not 255. So if there's not enough data, it will try
to read it in infinite loop.

I see two possible ways to fix this. I have to investigate consequences to
other parts of the code more to decide better one.

    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?20003>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

Reply via email to