fte
/
quakespasm
mirror of https://github.com/Shpoike/Quakespasm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sky_NewMap: avoid stack buffer underflow on the "remove trailing spaces" 

line that happened if a map had an empty string worldspawn key,
detected by ASan on macOS with demo_map.bsp from SlayerTest.

Also prevent the strcpy's from overflowing the buffers in case of long
keys.

git-svn-id: svn://svn.code.sf.net/p/quakespasm/code/trunk/quakespasm@1624 af15c1b1-3010-417e-b628-4374ebc0bcbd
This commit is contained in:
Eric Wasylishen 2019-09-12 04:06:54 +00:00
parent 0e6c4f27cc
commit 429b29a669
3 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Quake/gl_fog.c
View File

@ -205,15 +205,15 @@ void Fog_ParseWorldspawn (void)
if (com_token[0] == '}')
break; // end of worldspawn
if (com_token[0] == '_')
strcpy(key, com_token + 1);
q_strlcpy(key, com_token + 1, sizeof(key));
else
strcpy(key, com_token);
while (key[strlen(key)-1] == ' ') // remove trailing spaces
q_strlcpy(key, com_token, sizeof(key));
while (strlen(key) > 0 && key[strlen(key)-1] == ' ') // remove trailing spaces
key[strlen(key)-1] = 0;
data = COM_Parse(data);
if (!data)
return; // error
strcpy(value, com_token);
q_strlcpy(value, com_token, sizeof(value));
if (!strcmp("fog", key))
{

8
Quake/gl_rmisc.c
View File

@ -352,15 +352,15 @@ static void R_ParseWorldspawn (void)
if (com_token[0] == '}')
break; // end of worldspawn
if (com_token[0] == '_')
strcpy(key, com_token + 1);
q_strlcpy(key, com_token + 1, sizeof(key));
else
strcpy(key, com_token);
while (key[strlen(key)-1] == ' ') // remove trailing spaces
q_strlcpy(key, com_token, sizeof(key));
while (strlen(key) > 0 && key[strlen(key)-1] == ' ') // remove trailing spaces
key[strlen(key)-1] = 0;
data = COM_Parse(data);
if (!data)
return; // error
strcpy(value, com_token);
q_strlcpy(value, com_token, sizeof(value));
if (!strcmp("wateralpha", key))
map_wateralpha = atof(value);

8
Quake/gl_sky.c
View File

@ -248,15 +248,15 @@ void Sky_NewMap (void)
if (com_token[0] == '}')
break; // end of worldspawn
if (com_token[0] == '_')
strcpy(key, com_token + 1);
q_strlcpy(key, com_token + 1, sizeof(key));
else
strcpy(key, com_token);
while (key[strlen(key)-1] == ' ') // remove trailing spaces
q_strlcpy(key, com_token, sizeof(key));
while (strlen(key) > 0 && key[strlen(key)-1] == ' ') // remove trailing spaces
key[strlen(key)-1] = 0;
data = COM_Parse(data);
if (!data)
return; // error
strcpy(value, com_token);
q_strlcpy(value, com_token, sizeof(value));
if (!strcmp("sky", key))
Sky_LoadSkyBox(value);