ioquake/jedi-academy
0
0
Fork 0
mirror of https://github.com/ioquake/jedi-academy.git synced 2025-03-10 19:22:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

invalid msg field count buffer overflow

Browse source 
bugzilla #4669

from Eugene C. in ioquake3
svn 1788 git 3ff266637578b9727ddee84e966214dd5dc51f04

Fix buffer overflow, report and patch by Eugene C. (#4669)
This commit is contained in:
Jonathan Gray 2013-05-07 18:37:38 +10:00
parent 0829cfe9e4
commit 15b5f1f0c1
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
codemp/qcommon/msg.cpp
View file

@ -1261,6 +1261,10 @@ void MSG_ReadDeltaEntity( msg_t *msg, entityState_t *from, entityState_t *to,
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
lc = MSG_ReadByte(msg);
if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid entityState field count" );
}
// shownet 2/3 will interleave with other printed info, -1 will
// just print the delta records`
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
@ -2515,6 +2519,10 @@ void MSG_ReadDeltaPlayerstate (msg_t *msg, playerState_t *from, playerState_t *t
lc = MSG_ReadByte(msg);
if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid playerState field count" );
}
#ifdef _DONETPROFILE_
int startBytes,endBytes;
#endif