From de3809aa7d70db3c9e225951c0226bb4ca91df8d Mon Sep 17 00:00:00 2001
From: Eric House
Date: Thu, 26 Mar 2020 18:12:37 -0700
Subject: [PATCH] fix crash when chat message is too long

Len byte was limited to 255, but would get clipped (masked with 0xFF) then all the string data would get written. So on receipt, the clipped length was taken to be that of the string data, with the rest of the string to be interpreted as something else. An array index, in this case.
---
 .../src/main/java/org/eehouse/android/xw4/DBUtils.java | 2 +-
 xwords4/common/server.c | 2 --
 xwords4/common/strutils.c | 8 ++++++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DBUtils.java b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DBUtils.java
index 25f53e470..4d6c1cb56 100644
--- a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DBUtils.java
+++ b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DBUtils.java
@@ -1868,7 +1868,7 @@ public class DBUtils {
 {
 Assert.assertNotNull( msg );
 Assert.assertFalse( -1 == fromPlayer );
- ArrayList valuess = new ArrayList();
+ ArrayList valuess = new ArrayList<>();
 valuess.add( cvForChat( rowid, msg, fromPlayer, tsSeconds ) );
 appendChatHistory( context, valuess );
 Log.i( TAG, "appendChatHistory: inserted \"%s\" from player %d",
diff --git a/xwords4/common/server.c b/xwords4/common/server.c
index 6a7a58180..771d92987 100644
--- a/xwords4/common/server.c
+++ b/xwords4/common/server.c
@@ -722,7 +722,6 @@ sendChatTo( ServerCtxt* server, XP_U16 devIndex, const XP_UCHAR* msg,
 XWStreamCtxt* stream = messageStreamWithHeader( server, devIndex, XWPROTO_CHAT );
 stringToStream( stream, msg );
- XP_ASSERT( from < server->vol.gi->nPlayers );
 stream_putU8( stream, from );
 stream_putU32( stream, timestamp );
 stream_destroy( stream );
@@ -766,7 +765,6 @@ receiveChat( ServerCtxt* server, XWStreamCtxt* incoming )
 sendChatToClientsExcept( server, sourceClientIndex, msg, from, timestamp );
 }
- XP_ASSERT( from < server->vol.gi->nPlayers );
 util_showChat( server->vol.util, msg, from, timestamp );
 XP_FREE( server->mpool, msg );
 return XP_TRUE;
diff --git a/xwords4/common/strutils.c b/xwords4/common/strutils.c
index ba7b5c986..82054d8fc 100644
--- a/xwords4/common/strutils.c
+++ b/xwords4/common/strutils.c
@@ -267,8 +267,12 @@ stringFromStreamHere( XWStreamCtxt* stream, XP_UCHAR* buf, XP_U16 buflen )
 void
 stringToStream( XWStreamCtxt* stream, const XP_UCHAR* str )
 {
- XP_U16 len = str==NULL? 0: XP_STRLEN( str );
- XP_ASSERT( len < 0xFF );
+ XP_U16 len = str == NULL? 0: XP_STRLEN( str );
+ if ( len > 0xFF ) {
+ XP_LOGFF( "truncating string '%s', dropping len from %d to %d",
+ str, len, 0xFF );
+ len = 0xFF;
+ }
 stream_putU8( stream, (XP_U8)len );
 stream_putBytes( stream, str, len );
 } /* putStringToStream */
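Review bot: In receiveChat (server.c, second hunk), `from` now reaches util_showChat with no visible range check, and it is presumably a value read from the `incoming` stream rather than local state; the commit message itself describes a misparsed byte ending up as an array index. The deleted XP_ASSERT was the only guard in this hunk, and if XP_ASSERT compiles out of release builds, as assertion macros commonly do, it never protected shipped code, so dropping it leaves the receive path trusting whatever the peer sent. A runtime check before the message is relayed or displayed would close that, e.g. `if ( from >= server->vol.gi->nPlayers ) { XP_FREE( server->mpool, msg ); return XP_FALSE; }`, adjusted if `from` is signed and a negative value is meaningful. receiveChat starts and ends outside the hunk, so a check elsewhere in the function cannot be ruled out.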
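Review bot: The clamp in stringToStream runs after the length has already been narrowed to XP_U16, so a string of 65536 bytes or more is compared against 0xFF using its wrapped value and can go out truncated to an arbitrary length (65536 bytes becomes 0); keeping the length in a wider type until after the clamp avoids that, `XP_U32 len = str == NULL ? 0 : XP_STRLEN( str );`. Cutting at a fixed byte count can also split a multi-byte character if these strings are UTF-8 (not visible here), which would hand the receiver an invalid trailing sequence, so backing up to a character boundary is worth considering. The XP_LOGFF call writes the entire chat text to the log; logging only the two lengths would keep message content out of log files.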