diff --git a/changelog b/changelog index a9fd79b527b..637b8256cce 100644 --- a/changelog +++ b/changelog @@ -51,6 +51,8 @@ Version 1.13.0+dev: * Updated mainline campaigns and multiplayer scenarios to use [filter] status= instead of [filter] [filter_wml] [status] * Fixed a segfault in [move_units_fake] + * Fixed unbound memory read in the MP map selection screen that could lead + to a segmentation fault or other abnormal behavior (bug #23606). Version 1.13.0: * Security fixes: diff --git a/src/game_initialization/create_engine.cpp b/src/game_initialization/create_engine.cpp index d3f7e3858f5..52f5a50cbcb 100644 --- a/src/game_initialization/create_engine.cpp +++ b/src/game_initialization/create_engine.cpp @@ -148,7 +148,7 @@ surface scenario::create_image_surface(const SDL_Rect& image_rect) return minimap_img_; } - std::basic_string current_hash = util::md5(map_->write()); + std::string current_hash = util::encode_hash(util::md5(map_->write())); if (minimap_img_.null() || (map_hash_ != current_hash)) { // If there's no minimap image, or the map hash doesn't match, regenerate the image cache. minimap_img_ = image::getMinimap(image_rect.w, image_rect.h, *map_, 0); diff --git a/src/game_initialization/create_engine.hpp b/src/game_initialization/create_engine.hpp index a7c54249585..a87f5fe86c0 100644 --- a/src/game_initialization/create_engine.hpp +++ b/src/game_initialization/create_engine.hpp @@ -89,7 +89,7 @@ protected: boost::scoped_ptr map_; surface minimap_img_; - std::basic_string map_hash_; + std::string map_hash_; private: scenario(const scenario&); diff --git a/src/hash.hpp b/src/hash.hpp index 854ded0deab..e71e9f3086d 100644 --- a/src/hash.hpp +++ b/src/hash.hpp @@ -19,6 +19,13 @@ namespace util { +/** + * Returns the MD5 digest for the specified input. + * + * @note The returned value points to a fixed-size 16 bytes array representing + * the raw MD5 value, not a null-terminated string. Use encode_hash if + * you need the text representation instead. + */ unsigned char* md5(const std::string& input); int get_iteration_count(const std::string& hash); std::string get_salt(const std::string& hash);