From 77a02a548e23fc9260b98beb5d403ce049cc600b Mon Sep 17 00:00:00 2001
From: Jonathan Gray
Date: Tue, 7 May 2013 17:55:05 +1000
Subject: [PATCH] fix overflow in CG_ParseTeamInfo from Ludwig Nussel in ioquake3 svn 1492 git cde5fcfb9b09323c553e446988a056f7ad1cc4b0 fix overflow in CG_ParseTeamInfo based on patch for Tremulous, thanks to Roman Tetelman
---
 codemp/cgame/cg_servercmds.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/codemp/cgame/cg_servercmds.c b/codemp/cgame/cg_servercmds.c
index eac7d37..fd01868 100644
--- a/codemp/cgame/cg_servercmds.c
+++ b/codemp/cgame/cg_servercmds.c
@@ -79,9 +79,20 @@ static void CG_ParseTeamInfo( void ) {
 int client;
 numSortedTeamPlayers = atoi( CG_Argv( 1 ) );
+ if( numSortedTeamPlayers < 0 || numSortedTeamPlayers > TEAM_MAXOVERLAY )
+ {
+ CG_Error( "CG_ParseTeamInfo: numSortedTeamPlayers out of range (%d)",
+ numSortedTeamPlayers );
+ return;
+ }
 for ( i = 0 ; i < numSortedTeamPlayers ; i++ ) {
 client = atoi( CG_Argv( i * 6 + 2 ) );
+ if( client < 0 || client >= MAX_CLIENTS )
+ {
+ CG_Error( "CG_ParseTeamInfo: bad client number: %d", client );
+ return;
+ }
 sortedTeamPlayers[i] = client;
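Review bot: `numSortedTeamPlayers` is assigned from the server-supplied argument before the new range check runs, so on the error path the counter still holds the rejected value; the `client` check inside the loop has the same shape, returning with the counter already set to the full count while only the first `i` entries were validated. The counter is not declared in the visible part of the function, so it is presumably shared state, and the `return;` after `CG_Error` suggests the author allows for that call returning; in that case any later reader that trusts the counter would index `sortedTeamPlayers` beyond what was checked. Parsing into a local first avoids this, e.g. `count = atoi( CG_Argv( 1 ) );`, then the range test on `count`, then `numSortedTeamPlayers = count;`, or alternatively `numSortedTeamPlayers = 0;` before each `return;`. The `> TEAM_MAXOVERLAY` bound is only correct if `sortedTeamPlayers` is declared with exactly `TEAM_MAXOVERLAY` elements, which is not visible here; the body of CG_ParseTeamInfo continues past the end of the hunk.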