From 9f294ce5207fa29b30d6b004665e44be3af3dc8e Mon Sep 17 00:00:00 2001
From: Eugene C
Date: Wed, 4 Apr 2018 06:36:24 +0300
Subject: [PATCH] Fix MSG_Read*String*() functions not being able to read last byte from message

This is exact root of q3msgboom bug http://aluigi.altervista.org/adv/q3msgboom-adv.txt Unfortunately, server still need this ugly '1022 char limit' hack to support unfixed clients in some degree. And as it affects MSG_ReadBigString() - unfixed clients can still be crashed by 8191-chars long configstrings that comes with gamestate
---
 code/qcommon/msg.c | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/code/qcommon/msg.c b/code/qcommon/msg.c
index c8344a1a..e7d5047c 100644
--- a/code/qcommon/msg.c
+++ b/code/qcommon/msg.c
@@ -462,12 +462,14 @@ char *MSG_ReadString( msg_t *msg ) {
 if ( c > 127 ) {
 c = '.';
 }
-
- string[l] = c;
- l++;
- } while (l < sizeof(string)-1);
+ // break only after reading all expected data from bitstream
+ if ( l >= sizeof(string)-1 ) {
+ break;
+ }
+ string[l++] = c;
+ } while (1);
- string[l] = 0;
+ string[l] = '\0';
 return string;
 }
@@ -490,12 +492,14 @@ char *MSG_ReadBigString( msg_t *msg ) {
 if ( c > 127 ) {
 c = '.';
 }
-
- string[l] = c;
- l++;
- } while (l < sizeof(string)-1);
+ // break only after reading all expected data from bitstream
+ if ( l >= sizeof(string)-1 ) {
+ break;
+ }
+ string[l++] = c;
+ } while (1);
- string[l] = 0;
+ string[l] = '\0';
 return string;
 }
@@ -518,12 +522,14 @@ char *MSG_ReadStringLine( msg_t *msg ) {
 if ( c > 127 ) {
 c = '.';
 }
-
- string[l] = c;
- l++;
- } while (l < sizeof(string)-1);
+ // break only after reading all expected data from bitstream
+ if ( l >= sizeof(string)-1 ) {
+ break;
+ }
+ string[l++] = c;
+ } while (1);
- string[l] = 0;
+ string[l] = '\0';
 return string;
 }
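Review bot: In MSG_ReadString the new `if ( l >= sizeof(string)-1 ) { break; }` stops at the first byte that does not fit, so an over-long string is truncated silently and its remaining bytes stay in the message, where the caller will presumably parse them as the next field. If the loop's exit on the terminator or end of message sits above the hunk, as the context suggests, replacing the break with `if ( l < sizeof(string)-1 ) { string[l++] = c; }` would drain the rest of the string while still bounding the write, keeping the read cursor aligned. The same applies to the identical hunks in MSG_ReadBigString and MSG_ReadStringLine. The new comment could also say what happens on overflow, e.g. `// buffer full: stop storing; the byte just read is dropped`. All three function bodies start outside their hunks, so the declaration of `l` and the terminator check are not visible here.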