fte/quakespasm
2
0
Fork 0
mirror of https://github.com/Shpoike/Quakespasm.git synced 2024-11-10 07:21:58 +00:00
Code Issues Projects Releases Packages Wiki Activity

Loadgame_f() may go past sv.num_edicts, but it does not go through

Browse source 
ED_Alloc(), therefore such ents will have uninitialized members.
This used to lead to bad crashes with e.g. Rubicon Rumble Pack maps
since svn r1286 when we began allocating sv.edicts using malloc and
only zero-filling when necessary.  So, check against sv.num_edicts
and zero-fill the ent properly when necessary.

git-svn-id: svn://svn.code.sf.net/p/quakespasm/code/trunk/quakespasm@1318 af15c1b1-3010-417e-b628-4374ebc0bcbd
This commit is contained in:
Ozkan Sezer 2016-06-24 16:04:25 +00:00
parent 5734c934a7
commit de4bea0e74
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
Quake/host_cmd.c
View file

@ -1225,9 +1225,16 @@ void Host_Loadgame_f (void)
} }
else else
{ // parse an edict { // parse an edict
ent = EDICT_NUM(entnum); ent = EDICT_NUM(entnum);
memset (&ent->v, 0, progs->entityfields * 4); if (entnum < sv.num_edicts) {
memset (&ent->v, 0, progs->entityfields * 4);
}
else if (entnum < sv.max_edicts) {
memset (ent, 0, pr_edict_size);
}
else {
Host_Error ("Loadgame: no free edicts (max_edicts is %i)", sv.max_edicts);
}
ent->free = false; ent->free = false;
ED_ParseEdict (start, ent); ED_ParseEdict (start, ent);