Validate staticdata and object property length limits (#11511)

[minetest.git] / src / staticobject.cpp

diff --git a/src/staticobject.cpp b/src/staticobject.cpp
index 86e455b9f65093247d5aaf09609733657e6d1db0..1160ec68f1c01dee8aa3c6791eec6ecf65ae09fc 100644 (file)
--- a/src/staticobject.cpp
+++ b/src/staticobject.cpp
@@ -37,6 +37,7 @@ void StaticObject::serialize(std::ostream &os)
        // data
        os<<serializeString16(data);
 }
+
 void StaticObject::deSerialize(std::istream &is, u8 version)
 {
        // type
@@ -49,6 +50,29 @@ void StaticObject::deSerialize(std::istream &is, u8 version)
 
 void StaticObjectList::serialize(std::ostream &os)
 {
+       // Check for problems first
+       auto problematic = [] (StaticObject &obj) -> bool {
+               if (obj.data.size() > U16_MAX) {
+                       errorstream << "StaticObjectList::serialize(): "
+                               "object has excessive static data (" << obj.data.size() <<
+                               "), deleting it." << std::endl;
+                       return true;
+               }
+               return false;
+       };
+       for (auto it = m_stored.begin(); it != m_stored.end(); ) {
+               if (problematic(*it))
+                       it = m_stored.erase(it);
+               else
+                       it++;
+       }
+       for (auto it = m_active.begin(); it != m_active.end(); ) {
+               if (problematic(it->second))
+                       it = m_active.erase(it);
+               else
+                       it++;
+       }
+
        // version
        u8 version = 0;
        writeU8(os, version);