Fix memory overwrite when client has too many maps. Thanks to beast for the reporting & the patch. http://bugzilla.icculus.org/process_bug.cgi

This commit is contained in:
Thilo Schulz 2009-10-06 14:28:50 +00:00
parent 549f23bda6
commit d53eeae419
2 changed files with 44 additions and 40 deletions

View file

@ -169,7 +169,7 @@ static void UI_LoadArenas( void ) {
int numdirs;
vmCvar_t arenasFile;
char filename[128];
char dirlist[1024];
char dirlist[2048];
char* dirptr;
int i, n;
int dirlen;
@ -188,7 +188,7 @@ static void UI_LoadArenas( void ) {
}
// get all arenas from .arena files
numdirs = trap_FS_GetFileList("scripts", ".arena", dirlist, 1024 );
numdirs = trap_FS_GetFileList("scripts", ".arena", dirlist, 2048 );
dirptr = dirlist;
for (i = 0; i < numdirs; i++, dirptr += dirlen+1) {
dirlen = strlen(dirptr);

View file

@ -50,12 +50,8 @@ START SERVER MENU *****
#define MAX_MAPROWS 2
#define MAX_MAPCOLS 2
#define MAX_MAPSPERPAGE 4
#define MAX_SERVERSTEXT 8192
#define MAX_SERVERMAPS 64
#define MAX_NAMELENGTH 16
#define ID_GAMETYPE 10
#define ID_PICTURES 11 // 12, 13, 14
#define ID_PREVPAGE 15
@ -87,8 +83,7 @@ typedef struct {
int nummaps;
int page;
int maxpages;
char maplist[MAX_SERVERMAPS][MAX_NAMELENGTH];
int mapGamebits[MAX_SERVERMAPS];
int maplist[MAX_ARENAS];
} startserver_t;
static startserver_t s_startserver;
@ -166,16 +161,22 @@ StartServer_Update
static void StartServer_Update( void ) {
int i;
int top;
static char picname[MAX_MAPSPERPAGE][64];
static char picname[MAX_MAPSPERPAGE][64];
const char *info;
char mapname[MAX_NAMELENGTH];
top = s_startserver.page*MAX_MAPSPERPAGE;
for (i=0; i<MAX_MAPSPERPAGE; i++)
{
if (top+i >= s_startserver.nummaps)
break;
Com_sprintf( picname[i], sizeof(picname[i]), "levelshots/%s", s_startserver.maplist[top+i] );
break;
info = UI_GetArenaInfoByNumber( s_startserver.maplist[ top + i ]);
Q_strncpyz( mapname, Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
Q_strupr( mapname );
Com_sprintf( picname[i], sizeof(picname[i]), "levelshots/%s", mapname );
s_startserver.mappics[i].generic.flags &= ~QMF_HIGHLIGHT;
s_startserver.mappics[i].generic.name = picname[i];
@ -216,7 +217,8 @@ static void StartServer_Update( void ) {
}
// set the map name
strcpy( s_startserver.mapname.string, s_startserver.maplist[s_startserver.currentmap] );
info = UI_GetArenaInfoByNumber( s_startserver.maplist[ s_startserver.currentmap ]);
Q_strncpyz( s_startserver.mapname.string, Info_ValueForKey( info, "map" ), MAX_NAMELENGTH);
}
Q_strupr( s_startserver.mapname.string );
@ -249,7 +251,7 @@ static void StartServer_GametypeEvent( void* ptr, int event ) {
int gamebits;
int matchbits;
const char *info;
if( event != QM_ACTIVATED) {
return;
}
@ -259,18 +261,16 @@ static void StartServer_GametypeEvent( void* ptr, int event ) {
matchbits = 1 << gametype_remap[s_startserver.gametype.curvalue];
if( gametype_remap[s_startserver.gametype.curvalue] == GT_FFA ) {
matchbits |= ( 1 << GT_SINGLE_PLAYER );
}
}
for( i = 0; i < count; i++ ) {
info = UI_GetArenaInfoByNumber( i );
info = UI_GetArenaInfoByNumber( i );
gamebits = GametypeBits( Info_ValueForKey( info, "type") );
if( !( gamebits & matchbits ) ) {
continue;
}
Q_strncpyz( s_startserver.maplist[s_startserver.nummaps], Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
Q_strupr( s_startserver.maplist[s_startserver.nummaps] );
s_startserver.mapGamebits[s_startserver.nummaps] = gamebits;
s_startserver.maplist[ s_startserver.nummaps ] = i;
s_startserver.nummaps++;
}
s_startserver.maxpages = (s_startserver.nummaps + MAX_MAPSPERPAGE-1)/MAX_MAPSPERPAGE;
@ -330,6 +330,7 @@ static void StartServer_LevelshotDraw( void *self ) {
int w;
int h;
int n;
const char *info;
b = (menubitmap_s *)self;
@ -363,7 +364,9 @@ static void StartServer_LevelshotDraw( void *self ) {
x += b->width / 2;
y += 4;
n = s_startserver.page * MAX_MAPSPERPAGE + b->generic.id - ID_PICTURES;
UI_DrawString( x, y, s_startserver.maplist[n], UI_CENTER|UI_SMALLFONT, color_orange );
info = UI_GetArenaInfoByNumber( s_startserver.maplist[ n ]);
UI_DrawString( x, y, Info_ValueForKey( info, "map" ), UI_CENTER|UI_SMALLFONT, color_orange );
x = b->generic.x;
y = b->generic.y;
@ -556,6 +559,7 @@ void StartServer_Cache( void )
const char *info;
qboolean precache;
char picname[64];
char mapname[ MAX_NAMELENGTH ];
trap_R_RegisterShaderNoMip( GAMESERVER_BACK0 );
trap_R_RegisterShaderNoMip( GAMESERVER_BACK1 );
@ -572,22 +576,16 @@ void StartServer_Cache( void )
precache = trap_Cvar_VariableValue("com_buildscript");
s_startserver.nummaps = UI_GetNumArenas();
for( i = 0; i < s_startserver.nummaps; i++ ) {
info = UI_GetArenaInfoByNumber( i );
Q_strncpyz( s_startserver.maplist[i], Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
Q_strupr( s_startserver.maplist[i] );
s_startserver.mapGamebits[i] = GametypeBits( Info_ValueForKey( info, "type") );
if( precache ) {
Com_sprintf( picname, sizeof(picname), "levelshots/%s", s_startserver.maplist[i] );
if( precache ) {
for( i = 0; i < UI_GetNumArenas(); i++ ) {
info = UI_GetArenaInfoByNumber( i );
Q_strncpyz( mapname, Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
Q_strupr( mapname );
Com_sprintf( picname, sizeof(picname), "levelshots/%s", mapname );
trap_R_RegisterShaderNoMip(picname);
}
}
s_startserver.maxpages = (s_startserver.nummaps + MAX_MAPSPERPAGE-1)/MAX_MAPSPERPAGE;
}
@ -732,7 +730,7 @@ static void ServerOptions_Start( void ) {
int skill;
int n;
char buf[64];
const char *info;
timelimit = atoi( s_serveroptions.timelimit.field.buffer );
fraglimit = atoi( s_serveroptions.fraglimit.field.buffer );
@ -790,7 +788,8 @@ static void ServerOptions_Start( void ) {
trap_Cvar_SetValue( "sv_punkbuster", s_serveroptions.punkbuster.curvalue );
// the wait commands will allow the dedicated to take effect
trap_Cmd_ExecuteText( EXEC_APPEND, va( "wait ; wait ; map %s\n", s_startserver.maplist[s_startserver.currentmap] ) );
info = UI_GetArenaInfoByNumber( s_startserver.maplist[ s_startserver.currentmap ]);
trap_Cmd_ExecuteText( EXEC_APPEND, va( "wait ; wait ; map %s\n", Info_ValueForKey( info, "map" )));
// add bots
trap_Cmd_ExecuteText( EXEC_APPEND, "wait 3\n" );
@ -1128,7 +1127,9 @@ ServerOptions_SetMenuItems
=================
*/
static void ServerOptions_SetMenuItems( void ) {
static char picname[64];
static char picname[64];
char mapname[MAX_NAMELENGTH];
const char *info;
switch( s_serveroptions.gametype ) {
case GT_FFA:
@ -1159,7 +1160,10 @@ static void ServerOptions_SetMenuItems( void ) {
s_serveroptions.pure.curvalue = Com_Clamp( 0, 1, trap_Cvar_VariableValue( "sv_pure" ) );
// set the map pic
Com_sprintf( picname, 64, "levelshots/%s", s_startserver.maplist[s_startserver.currentmap] );
info = UI_GetArenaInfoByNumber( s_startserver.maplist[ s_startserver.currentmap ]);
Q_strncpyz( mapname, Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
Q_strupr( mapname );
Com_sprintf( picname, 64, "levelshots/%s", mapname );
s_serveroptions.mappic.generic.name = picname;
// set the map name