Potential buffer overflow in UpdateTournamentInfo()

bugzilla #4753

from Eugene C. in ioquake3
svn 1801 git a4327ef965fa6b8f4103f71ea4a7ae00f1fd97bc

Bugzilla #4753
Potential buffer overflow in UpdateTournamentInfo()
This commit is contained in:
Jonathan Gray 2013-05-07 19:36:35 +10:00
parent 15b5f1f0c1
commit 3fa32e5910

View file

@ -22,7 +22,6 @@ void UpdateTournamentInfo( void ) {
gentity_t *player; gentity_t *player;
int playerClientNum; int playerClientNum;
int n, accuracy, perfect, msglen; int n, accuracy, perfect, msglen;
int buflen;
int score1, score2; int score1, score2;
qboolean won; qboolean won;
char buf[32]; char buf[32];
@ -91,8 +90,8 @@ void UpdateTournamentInfo( void ) {
for( i = 0; i < level.numNonSpectatorClients; i++ ) { for( i = 0; i < level.numNonSpectatorClients; i++ ) {
n = level.sortedClients[i]; n = level.sortedClients[i];
Com_sprintf( buf, sizeof(buf), " %i %i %i", n, level.clients[n].ps.persistant[PERS_RANK], level.clients[n].ps.persistant[PERS_SCORE] ); Com_sprintf( buf, sizeof(buf), " %i %i %i", n, level.clients[n].ps.persistant[PERS_RANK], level.clients[n].ps.persistant[PERS_SCORE] );
buflen = strlen( buf ); msglen += strlen( buf );
if( msglen + buflen + 1 >= sizeof(msg) ) { if( msglen >= sizeof(msg) ) {
break; break;
} }
strcat( msg, buf ); strcat( msg, buf );