godot/core/io
Fabio Alessandrelli feaf03421d Fix marshalls size checks.
Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t; when
decoding it, that value is cast to int when comparing if the packet is
actually that size, causing numbers with MSB=1 to be interpreted as
negative, thus always passing the check. That same value, though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.

(cherry picked from commit 5262d1bbcc)
2018-07-29 03:00:34 +02:00
compression.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
compression.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
config_file.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
config_file.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_buffered_fa.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_buffered.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_buffered.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_compressed.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_compressed.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_encrypted.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
file_access_encrypted.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_memory.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
file_access_memory.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_network.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
file_access_network.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_pack.cpp Fix listing files inside directory in pack file 2018-03-18 14:04:50 +01:00
file_access_pack.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_zip.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
file_access_zip.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
http_client.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
http_client.h HTTP client now uses non blocking handshake 2018-07-16 13:08:17 +02:00
image_loader.cpp fix API string path 2018-04-30 09:38:18 +02:00
image_loader.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
ip_address.cpp Fix typos with codespell 2018-02-21 19:46:06 +01:00
ip_address.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
ip.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
ip.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
json.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
json.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
logger.cpp Fixed regression making the logger not respect the max files limit. 2018-06-12 12:57:48 -03:00
logger.h Update copyright statements to 2018 2018-01-01 14:40:47 +01:00
marshalls.cpp Fix marshalls size checks. 2018-07-29 03:00:34 +02:00
marshalls.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
multiplayer_api.cpp doc: Sync classref with current source 2018-07-26 11:56:21 +02:00
multiplayer_api.h MultiplayerAPI::send_bytes transfer mode support. 2018-07-08 09:47:22 +02:00
networked_multiplayer_peer.cpp Bind many more properties to scripts 2018-01-12 00:58:14 +02:00
networked_multiplayer_peer.h Bind many more properties to scripts 2018-01-12 00:58:14 +02:00
packet_peer_udp.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
packet_peer_udp.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
packet_peer.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
packet_peer.h Bind many more properties to scripts 2018-01-12 00:58:14 +02:00
pck_packer.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
pck_packer.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
resource_format_binary.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
resource_format_binary.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
resource_import.cpp Removed PBM bitmap loader, added ability to import images as bitmap. Fixes #14828 2018-01-06 16:38:36 -03:00
resource_import.h Removed PBM bitmap loader, added ability to import images as bitmap. Fixes #14828 2018-01-06 16:38:36 -03:00
resource_loader.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
resource_loader.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
resource_saver.cpp fix API string path 2018-04-30 09:38:18 +02:00
resource_saver.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
SCsub Add an option to use zstd's recently introduced long range matching (off by default). 2017-10-27 12:26:13 -04:00
stream_peer_ssl.cpp doc: Sync classref with current source 2018-07-26 11:56:21 +02:00
stream_peer_ssl.h Implement non blocking-handshake for StreamPeerSSL 2018-07-16 13:08:17 +02:00
stream_peer_tcp.cpp Display set_nodelay to GDScript 2018-01-30 13:22:15 -02:00
stream_peer_tcp.h Display set_nodelay to GDScript 2018-01-30 13:22:15 -02:00
stream_peer.cpp Reduce unnecessary COW on Vector by make writing explicit 2018-07-26 00:54:16 +02:00
stream_peer.h Change function signature from float to double to match type get_double Closes #16160 2018-01-29 15:45:46 -08:00
tcp_server.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
tcp_server.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
translation_loader_po.cpp Fix loading PO files with missing newline after last msgstr 2018-07-24 13:32:37 +02:00
translation_loader_po.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
xml_parser.cpp Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
xml_parser.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00
zip_io.h Add missing copyright headers and fix formatting 2018-01-05 01:22:23 +01:00