fte/quakespasm
2
0
Fork 0
mirror of https://github.com/Shpoike/Quakespasm.git synced 2024-11-10 15:31:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

Loadgame_f() may go past sv.num_edicts, but it does not go through

Browse source 
ED_Alloc(), therefore such ents will have uninitialized members.
This used to lead to bad crashes with e.g. Rubicon Rumble Pack maps
since svn r1286 when we began allocating sv.edicts using malloc and
only zero-filling when necessary.  So, check against sv.num_edicts
and zero-fill the ent properly when necessary.

git-svn-id: svn+ssh://svn.code.sf.net/p/quakespasm/code/trunk@1318 af15c1b1-3010-417e-b628-4374ebc0bcbd
This commit is contained in:
sezero 2016-06-24 16:04:25 +00:00
parent 2c6697641c
commit 2f4eac979e
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
quakespasm/Quake/host_cmd.c
View file

@ -1225,9 +1225,16 @@ void Host_Loadgame_f (void)
}
else
{ // parse an edict
ent = EDICT_NUM(entnum);
if (entnum < sv.num_edicts) {
memset (&ent->v, 0, progs->entityfields * 4);
}
else if (entnum < sv.max_edicts) {
memset (ent, 0, pr_edict_size);
}
else {
Host_Error ("Loadgame: no free edicts (max_edicts is %i)", sv.max_edicts);
}
ent->free = false;
ED_ParseEdict (start, ent);