(svn r10827) -Fix [FS#1112]: out of bounds access in corner case of list allocations of vehicles.
--- a/src/oldpool.h Tue Aug 07 23:07:10 2007 +0000
+++ b/src/oldpool.h Wed Aug 08 14:18:05 2007 +0000
@@ -234,22 +234,14 @@
return false;
}
-protected:
- /**
- * Allocate a pool item; possibly allocate a new block in the pool.
- * @return the allocated pool item (or NULL when the pool is full).
- */
- static inline T *AllocateRaw()
- {
- return AllocateRaw(Tpool->first_free_index);
- }
-
+private:
/**
* Allocate a pool item; possibly allocate a new block in the pool.
* @param first the first pool item to start searching
+ * @pre first <= Tpool->GetSize()
* @return the allocated pool item (or NULL when the pool is full).
*/
- static inline T *AllocateRaw(uint &first)
+ static inline T *AllocateSafeRaw(uint &first)
{
uint last_minus_one = Tpool->GetSize() - 1;
@@ -270,6 +262,28 @@
return NULL;
}
+protected:
+ /**
+ * Allocate a pool item; possibly allocate a new block in the pool.
+ * @return the allocated pool item (or NULL when the pool is full).
+ */
+ static inline T *AllocateRaw()
+ {
+ return AllocateSafeRaw(Tpool->first_free_index);
+ }
+
+ /**
+ * Allocate a pool item; possibly allocate a new block in the pool.
+ * @param first the first pool item to start searching
+ * @return the allocated pool item (or NULL when the pool is full).
+ */
+ static inline T *AllocateRaw(uint &first)
+ {
+ if (first >= Tpool->GetSize() && !Tpool->AddBlockToPool()) return NULL;
+
+ return AllocateSafeRaw(first);
+ }
+
/**
* Are we cleaning this pool?
* @return true if we are