Inventory: Fix rare out-of-bounds access

Co-authored-by: Thomas--S <info@thomas-stangl.de>
minetest · Aug 23, 2021 · eea488e · eea488e
1 parent dad87a3
commit eea488e
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/src/inventorymanager.cpp b/src/inventorymanager.cpp
@@ -273,7 +273,7 @@ void IMoveAction::apply(InventoryManager *mgr, ServerActiveObject *player, IGame
 	}
 	if (!list_to) {
 		infostream << "IMoveAction::apply(): FAIL: destination list not found: "
-			<< "to_inv=\""<<to_inv.dump() << "\""
+			<< "to_inv=\"" << to_inv.dump() << "\""
 			<< ", to_list=\"" << to_list << "\"" << std::endl;
 		return;
 	}
@@ -322,12 +322,20 @@ void IMoveAction::apply(InventoryManager *mgr, ServerActiveObject *player, IGame
 		return;
 	}
 
-	if ((u16)to_i > list_to->getSize()) {
+	if (from_i < 0 || list_from->getSize() <= (u32) from_i) {
+		infostream << "IMoveAction::apply(): FAIL: source index out of bounds: "
+			<< "size of from_list=\"" << list_from->getSize() << "\""
+			<< ", from_index=\"" << from_i << "\"" << std::endl;
+		return;
+	}
+
+	if (to_i < 0 || list_to->getSize() <= (u32) to_i) {
 		infostream << "IMoveAction::apply(): FAIL: destination index out of bounds: "
-			<< "to_i=" << to_i
-			<< ", size=" << list_to->getSize() << std::endl;
+			<< "size of to_list=\"" << list_to->getSize() << "\""
+			<< ", to_index=\"" << to_i << "\"" << std::endl;
 		return;
 	}
+
 	/*
 		Do not handle rollback if both inventories are that of the same player
 	*/