From b1c679f7722cbc2335faf44b507b2b35506cd1ef Mon Sep 17 00:00:00 2001 From: Spike Date: Thu, 19 Jul 2018 22:02:25 +0100 Subject: [PATCH] Fix possible networked out-of-bounds access. --- Quake/cl_parse.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Quake/cl_parse.c b/Quake/cl_parse.c index dffeb9ab..c99105a6 100644 --- a/Quake/cl_parse.c +++ b/Quake/cl_parse.c @@ -1430,7 +1430,7 @@ static void CL_ParseUpdate (int bits) { int i; qmodel_t *model; - int modnum; + unsigned int modnum; qboolean forcelink; entity_t *ent; int num; @@ -1575,7 +1575,11 @@ static void CL_ParseUpdate (int bits) if (bits & U_FRAME2) ent->frame = (ent->frame & 0x00FF) | (MSG_ReadByte() << 8); if (bits & U_MODEL2) + { modnum = (modnum & 0x00FF) | (MSG_ReadByte() << 8); + if (modnum >= MAX_MODELS) + Host_Error ("CL_ParseModel: bad modnum"); + } if (bits & U_LERPFINISH) { ent->lerpfinish = ent->msgtime + ((float)(MSG_ReadByte()) / 255);