Follow-up Comment #9, bug #20003 (project freeciv):
> (What seems odd is that the exploit seems to send many 0xff's,
> and I would have expected the opposite)
Problem is that in error situation - when there's no more data -
dio_get_uint8() returns 0, not 255. So if there's not enough data, it will try
to read it in infinite loop.
I see two possible ways to fix this. I have to investigate consequences to
other parts of the code more to decide better one.
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?20003>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
_______________________________________________
Freeciv-dev mailing list
[email protected]
https://mail.gna.org/listinfo/freeciv-dev
