From 0cde03254a6564eaec21603e9add4f14e6c2fe52 Mon Sep 17 00:00:00 2001
From: Kahrl <kahrl@gmx.net>
Date: Tue, 29 Sep 2015 01:55:12 +0200
Subject: [PATCH] Don't serialize StaticObjectList with > 65535 objects

Because the count is serialized as u16, this would cause overflow.

If minetest later deserialized a mapblock with an incorrect
static object count, it would be unable to find the NameIdMapping
(which comes after the StaticObjectList) and abort with an error
such as "Invalid block data in database: unsupported NameIdMapping
version" (issue #2610).
---
 src/staticobject.cpp | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/staticobject.cpp b/src/staticobject.cpp
index 2e7d45a47..e226f0b2e 100644
--- a/src/staticobject.cpp
+++ b/src/staticobject.cpp
@@ -19,6 +19,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 
 #include "staticobject.h"
 #include "util/serialize.h"
+#include "log.h"
 
 void StaticObject::serialize(std::ostream &os)
 {
@@ -44,9 +45,20 @@ void StaticObjectList::serialize(std::ostream &os)
 	// version
 	u8 version = 0;
 	writeU8(os, version);
+
 	// count
-	u16 count = m_stored.size() + m_active.size();
+	size_t count = m_stored.size() + m_active.size();
+	// Make sure it fits into u16, else it would get truncated and cause e.g.
+	// issue #2610 (Invalid block data in database: unsupported NameIdMapping version).
+	if (count > (u16)-1) {
+		errorstream << "StaticObjectList::serialize(): "
+			<< "too many objects (" << count << ") in list, "
+			<< "not writing them to disk." << std::endl;
+		writeU16(os, 0);  // count = 0
+		return;
+	}
 	writeU16(os, count);
+
 	for(std::vector<StaticObject>::iterator
 			i = m_stored.begin();
 			i != m_stored.end(); ++i) {
-- 
GitLab