Fix buffer overflow, report and patch by Eugene C. (#4669)

Thilo Schulz 2010-07-02 20:21:20 +00:00
parent 31b3acf587
commit 3ff2666375
1 changed files with 8 additions and 0 deletions


@ -1043,6 +1043,10 @@ void MSG_ReadDeltaEntity( msg_t *msg, entityState_t *from, entityState_t *to,
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]); numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
lc = MSG_ReadByte(msg); lc = MSG_ReadByte(msg);
if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid entityState field count" );
}
// shownet 2/3 will interleave with other printed info, -1 will // shownet 2/3 will interleave with other printed info, -1 will
// just print the delta records` // just print the delta records`
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) { if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
@ -1376,6 +1380,10 @@ void MSG_ReadDeltaPlayerstate (msg_t *msg, playerState_t *from, playerState_t *t
numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] ); numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] );
lc = MSG_ReadByte(msg); lc = MSG_ReadByte(msg);
if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid playerState field count" );
}
for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) { for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) {
fromF = (int *)( (byte *)from + field->offset ); fromF = (int *)( (byte *)from + field->offset );
toF = (int *)( (byte *)to + field->offset ); toF = (int *)( (byte *)to + field->offset );
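Review bot: The new guard `if ( lc > numFields || lc < 0 )` carries no comment saying why it exists: `lc` is read from the incoming message by `MSG_ReadByte(msg)` and then bounds the walk over the field table (visible in the playerState hunk as `i < lc`), so a later cleanup could take the check for redundant. I would add above it `// lc comes from the network message and bounds the loop over the field table; reject out-of-range counts before any field is indexed`. The drop message would also help triage of malformed packets if it carried the values, assuming Com_Error accepts a printf-style format here: `Com_Error( ERR_DROP, "invalid entityState field count %i (max %i)", lc, numFields );`. Both points apply equally to the playerState check in the second hunk. Both functions start and end outside the hunks shown, so the later uses of `lc` in MSG_ReadDeltaEntity are not visible here.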