Skip to content

Commit

Permalink
fix: infinite loop + add security to while loops
Browse files Browse the repository at this point in the history
  • Loading branch information
ei-pi authored and hsanger committed Apr 1, 2024
1 parent 8c9830d commit 08c60b9
Show file tree
Hide file tree
Showing 6 changed files with 19 additions and 8 deletions.
4 changes: 4 additions & 0 deletions client/src/scripts/game.ts
Original file line number Diff line number Diff line change
Expand Up @@ -284,7 +284,11 @@ export class Game {
// Handle incoming messages
this._socket.onmessage = (message: MessageEvent<ArrayBuffer>): void => {
const stream = new PacketStream(new SuroiBitStream(message.data));
let iterationCount = 0;
while (true) {
if (++iterationCount === 1e3) {
console.warn("1000 iterations of packet reading; possible infinite loop");
}
const packet = stream.readPacket();
if (packet === undefined) break;
this.onPacket(packet);
Expand Down
9 changes: 6 additions & 3 deletions client/src/scripts/managers/uiManager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -639,10 +639,13 @@ export class UIManager {

this.ui.killFeed.prepend(killFeedItem);
if (!UI_DEBUG_MODE) {
const children = this.ui.killFeed.children();
let iterationCount = 0;
while (this.ui.killFeed.children().length > 5) {
if (++iterationCount === 1e3) {
console.warn("1000 iterations of removing killfeed entries; possible infinite loop");
}

while (children.length > 5) {
children
this.ui.killFeed.children()
.last()
.remove();
}
Expand Down
1 change: 0 additions & 1 deletion client/src/scripts/objects/loot.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import { ObjectCategory, ZIndexes } from "../../../../common/src/constants";
import { type AmmoDefinition } from "../../../../common/src/definitions/ammos";
import { ArmorType } from "../../../../common/src/definitions/armors";
import { type LootDefinition } from "../../../../common/src/definitions/loots";
import { CircleHitbox } from "../../../../common/src/utils/hitbox";
Expand Down
7 changes: 4 additions & 3 deletions client/src/scripts/ui.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1174,9 +1174,10 @@ Video evidence is required.`)) {
"#toggle-hide-minimap",
"cv_minimap_minimized",
value => {
//hack minimap code is hacky and it scares me too much
//hack for me to add a "setVisible" method or smth
while (game.map.visible === value) {
//HACK minimap code is hacky and it scares me too much
//HACK for me to add a "setVisible" method or smth
let iterationCount = 0;
while (game.map.visible === value && ++iterationCount < 100) {
game.map.toggleMinimap();
}
}
Expand Down
4 changes: 4 additions & 0 deletions client/src/scripts/utils/console/gameConsole.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1383,8 +1383,12 @@ export class GameConsole {
*/
pushGroupAnchorIfPresent();

let iterationCount = 0;
// eslint-disable-next-line no-unmodified-loop-condition -- cfa fix when™
while (currentNode !== undefined) {
if (++iterationCount === 1e3) {
console.warn("1000 iterations of query parsing; possible infinite loop");
}
error = false;
const entity = currentNode.cmd;

Expand Down
2 changes: 1 addition & 1 deletion server/src/server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ app.ws("/play", {
// Bot, cheater & VPN protection
//
const ip = getIP(res, req);
const ipv4 = convertToIPv4(ip); // Shouldnt REALLY need to do this but idk if people will have an ipv6 its happened before :shrug:
const ipv4 = convertToIPv4(ip); // Shouldn't REALLY need to do this but idk if people will have an ipv6 its happened before :shrug:
if (
VPN_IPV4.includes(ipv4)
) {
Expand Down

0 comments on commit 08c60b9

Please sign in to comment.