ioquake
/
ioq3
mirror of https://github.com/ioquake/ioq3.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix cg.skulltrails out of bounds access in Team Arena Harvester mode 

In Team Arena's Harvester mode, players corrupt your memory from beyond
the grave. Gib the players to stop the corruption!

CG_PlayerTokens is called for player entities, including corpses.
The entity number is used for the index in cg.skulltrails which only has
MAX_CLIENTS elements. This results in incorrect memory being overwritten
for corpse entities (as the entity number is >= MAX_CLIENTS).

So limit skull trails to valid entities (entity number < MAX_CLIENTS).
This commit is contained in:
Zack Middleton 2014-05-01 20:41:47 -05:00
parent 7beff8bc7e
commit b9061c8447
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/cgame/cg_players.c
View File

@ -1774,6 +1774,9 @@ static void CG_PlayerTokens( centity_t *cent, int renderfx ) {
refEntity_t ent;
vec3_t dir, origin;
skulltrail_t *trail;
if ( cent->currentState.number >= MAX_CLIENTS ) {
return;
}
trail = &cg.skulltrails[cent->currentState.number];
tokens = cent->currentState.generic1;
if ( !tokens ) {