Commit graph

3347 commits

Author SHA1 Message Date
Zack Middleton
0b6d97f849 Fix negative frag/capturelimit causing an infinite map end loop
Reported by @vloup.
2018-02-04 10:37:39 -06:00
Zack Middleton
fc16ac6bd2 Fix invalid access to cluster 0 in AAS_AreaRouteToGoalArea()
Newer versions of BSPC such as 2.1h included with the Quake 3 GPL source
code create AAS files containing areas in cluster 0 if the area has no
reachabilities.

The AAS files included with Quake 3 and Team Arena do not contain areas
in cluster 0. It's apparent that BSPC would not create them. Instead it
created clusters with no reachability areas.

It seems the intention was to check if the areanum and goalareanum have
reachable areas using AAS_AreaReachability(areanum) everywhere before
calling AAS_AreaRouteToGoalArea(). This prevents adding cluster 0 to
the routing cache and portal cache. However, it is not checked
everywhere and including some places in the Game VM.

Fix AAS_AreaRouteToGoalArea() instead of trying to wack-a-mole with all
the places that call it.

Cluster 0 access reported by Thomas Köppe (github @tkoeppe) as causing
crashes in rare cases.
2018-02-04 09:07:44 -06:00
Zack Middleton
0822772ea2 Fix timelimit causing an infinite map ending loop
A negative timelimit value or a value that would overflow the
multiplication by 60000 caused an endless map change/reload.

Based on patch and description by @vloup.
2018-02-04 09:00:08 -06:00
Zack Middleton
83119a990a Fix Q_vsnprintf for mingw-w64
By default mingw-w64 uses Microsoft's broken _vsnprintf() in msvcrt.dll.
It can be overriden by defining __USE_MINGW_ANSI_STDIO but let's just
use the same behavior for both MSVC and mingw-w64.

Reported by @birdstakes.
2018-02-04 08:04:13 -06:00
Zack Middleton
ad10e6610c Changes to systemd q3a.service
Use an absolute path as required by systemd. Distro packages will need
to change it. (Reported by @andreyv and @zeroxfourc.)
Link to server documentation on the wiki instead of maintaining a subset
in the service file.
2018-02-04 07:51:17 -06:00
Zack Middleton
df8f657f09 Fix exploit to bypass filename restrictions on Windows
Windows API ignores all trailing spaces and periods which can get around
Quake 3 file system restrictions. QVM opening 'uix86.dll.' actually
opens 'uix86.dll' which allows QVM to write native code.

This is done in the low-level Sys_FOpen() instead of the function
directly used by VMs ( FS_FOpenFileByMode() ) in case there are engine
commands now or in the future that can read or write arbitrary files.

Reported by Noah Metzger (Chomenor).
2018-01-30 07:59:25 -06:00
Zack Middleton
acce0e5452 Fix building msvc12 project
* Don't try to embed manifest (it causes build to fail because it's
  specified in win_resource.rc).
* Fix curl include path.
* Compile sys_autoupdater.c.
* Make quake3 debug link to msvcrtd.lib instead of msvcrt.lib to fix
  unresolved external symbol __imp___CrtDbgReportW.
* Fix q3_ui dll output directory.
* Fix opus path filter.
* Use UseOfMfc false and CharacterSet NotSet.
* Fix header paths and remove non-existent files.
2018-01-30 07:40:09 -06:00
Zack Middleton
738465d677 Revert my recent cvar latch changes
My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registed in
the engine. It's been pointed out as fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.

The issue of fs_game '..' on server being relicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases from current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.

Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
2018-01-21 22:45:46 -06:00
Zack Middleton
ed8d48cac3 Fix VMs forcing engine latch cvar to update to latched value
A few commits ago I stopped VM's Cvar_Set() from instantly updating
latched values. Now VM can't call Cvar_Register() afterword to force
latched value to be used.

Reported by Noah Metzger (Chomenor).
2018-01-21 19:49:16 -06:00
Zack Middleton
3638f69dff Fix fs_game '..' reading outside of home and base path
VMs could set fs_game to '..' at anytime to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.

'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.

I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.

Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take affect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.

This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in serveral other places).

Reported by Noah Metzger (Chomenor).
2018-01-21 06:02:28 -06:00
Zack Middleton
78ca670d4f Don't let VMs change engine latch cvars immediately
If a VM increases sv_maxclients while a server is running the engine
will crash. The value should be latched until engine decides to update
the cvar; the same as when a user sets it.
2018-01-21 06:02:08 -06:00
Zack Middleton
adef4e6c9e Don't register fs_game cvar everywhere just to get the value 2018-01-21 06:02:08 -06:00
Zack Middleton
3a6af1bc48 Fix VMs being able to change CVAR_PROTECTED cvars
VM could use Cvar_Register to set a protected cvar as user created and
was then able to use Cvar_Register with CVAR_ROM to change the value.

Don't allow Cvar_Register to affect protected cvars and prevent VMs
from adding internal flags to any cvars (creator, modified, protected,
nonexistent).

Reported by Noah Metzger (Chomenor).
2018-01-21 06:02:08 -06:00
Thomas Köppe
917bca4f7d Use standard offsetof facility. Dereferencing a null pointer results
in undefined behaviour.
2018-01-21 06:01:50 -06:00
Thomas Köppe
ed1794fe17 Change shift expressions to unsigned types. Shifting signed values to
a result that is not representable has undefined behaviour.
2018-01-21 06:01:50 -06:00
Zack Middleton
7e2aa2c627 Remove extra plus sign from Huff_Compress()
There was an extra plus sign in Huff_Compress(). It wasn't causing any
issues as it does not affect the generated code. Removing it makes the
source code the same as Huff_Decompress().

The odd source code was brought to my attention by Tobias Kuehnhammer.
2018-01-14 18:38:38 -06:00
Zachary J. Slater
6387c336b6 tiny readme thing 2018-01-07 21:41:55 -10:00
Zack Middleton
22fcd82965 Make FS_BuildOSPath for botlib.log consistent with typical usage
I don't think anywhere else uses "" to mean current game directory.
Though it's only an issue for my fork where I removed that behavior.
2017-12-23 17:01:08 -06:00
Eugene C
f3bdd6f022 Don't allow qagame module to create "botlib.log" at ANY filesystem location 2017-12-23 16:41:13 -06:00
Zack Middleton
7166a3cd39 Enable compiler optimization on all macOS architectures
It seems to improve framerate and still work on x86 and x86_64. I
haven't tested ppc64 as I don't have the hardware. ppc64 isn't built
into the universal bundle either.

I noticed this because compiling opus warns it may be slow due to
optimization being disabled.
2017-12-16 12:51:56 -06:00
David CARLIER
c904f6d4aa fix a few potential buffer overwrite in Game VM 2017-12-16 12:51:34 -06:00
David CARLIER
76ec9fb6bd Few LCC memory fixes. 2017-12-15 18:08:23 -06:00
Zack Middleton
7c2dd01873 OpenGL2: Restore adding fixed ambient light when HDR is enabled
Use opengl1 renderer behavior of adding fixed amount of ambient light
to all models regardless of HDR setting. It fixes the view weapon
having zero ambient light on pillcity map.
2017-12-15 17:46:51 -06:00
Zachary J. Slater
bfb6ef590b add SECURITY.md 2017-12-05 22:25:43 -10:00
Zack Middleton
bad8c3ba4e Fix GCC 6 misleading-indentation warning 2017-12-03 05:51:40 -06:00
Zack Middleton
424e1ac7b1 Fix invalid model frame developer warnings in Team Arena
Models for Team Arena's holdable medkit and invulnerability effects use
the frames numbers from the player's torso but the actual models only
have one frame (0).
2017-11-22 20:21:02 -06:00
Zack Middleton
d40b047f13 Correct spelling of two more words
Thanks Undeference for pointing out abreviations.
2017-11-22 20:17:21 -06:00
Edward Betts
fe42b8653d Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
Matt Palmer
14cb72f912 Improvements to the linux build script
In no particular order:

* Use `set -e`, because it prevents accidents, and means we can avoid
  lengthy &&-joined command chains.
* Override defaults by setting env vars; this means people don't have to
  edit the script to change things.
* Use an unpredictable and safely-created tmpdir for building; ain't nobody
  wants to cleanup from a tmpdir race condition attack.
* Test for the presence of `git` and `make` *before* asking questions, and
  only prompt the user about them if they're missing.  No need to bother
  people with unnecessary reading.
* Automatically clean up the build directory after use.
* Tidy up some indenting that had come asunder.
2017-11-21 23:07:54 -06:00
Zack Middleton
3e1599ac4b Fix my previous commit about -1 ammo 2017-11-10 21:09:23 -06:00
Zack Middleton
4af2c91fbf Fix -1 (unlimited) ammo decreasing ammo time remaining
Gauntlet and Grappling Hook use -1 ammo. Gauntlet is excluded from
the check ammo loop but Grappling Hook causes ammo time remaining
to decrease 200 milliseconds.

The out of ammo check tests time remaining is equal to zero. This
means carrying Grappling Hook and out of ammo will have negative
time remaining which results in the low ammo message being displayed
instead of out of ammo.
2017-11-10 20:33:07 -06:00
Zack Middleton
471ea9e564 Fix Team Arena server refresh time format
Make minute less than 10 have a leading 0. Change '7:1' to '7:01'.
2017-11-10 20:06:04 -06:00
Zack Middleton
e8450cae33 OpenGL2: Use ri.Error instead of Com_Error in tr_vbo.c
Com_Error is a wrapper for ri.Error. Use it directly.
2017-11-05 20:58:57 -06:00
Mickaël Thomas
6ecfa4f263 Fix shader corruption on OpenBSD
OpenBSD's sed (and possibly other platforms') interprets `\r` as a
literal `r` rather than a carriage return, which leads to all `r`
letters being stripped from the shaders' source.

This fixes the issue by using the POSIX-compliant `tr -d '\r'` to remove
carriage returns.

Thanks to @ryan-sg for reporting the issue
2017-10-16 16:23:14 +01:00
Mickaël Thomas
7d012f229e Fix a race condition in the makedirs target
A race condition can happen when running "make all" with parallel jobs.

The issue is that the build directory can be created by another
concurrent job between the moment it was detected as missing and the
moment mkdir is called (which fails if the directory already exists).

This fixes the problem by always using `mkdir -p` which doesn't fail if
the directory already exists.
2017-10-16 16:22:37 +01:00
Zack Middleton
690c5a4dac Don't send team overlay info to bots 2017-10-09 02:34:22 -05:00
Zack Middleton
b4a4fe98d4 Fix reading crash log when log wraps around buffer 2017-10-08 07:19:07 -05:00
Zack Middleton
9e502bda4d Only draw cm_patch/bot debug polygons in world scenes
Fixes debug polygons appearing in HUD head model scene.
2017-10-08 07:18:40 -05:00
Walter Barrett
96f94a2891 Fix compiling GLSL shaders under Windows.
Now the `sed` command cope with files using Windows-style line endings.
2017-10-07 08:02:25 -05:00
Zack Middleton
e46e9846fc Fix memory leak in (unused) AAS_FloodAreas() 2017-10-07 08:02:24 -05:00
Zack Middleton
815c898bf5 Don't redefine MAX_PATH in bot code 2017-10-04 22:13:50 -05:00
Thomas Köppe
39b0702550 [botlib/be_aas_def.h] Change array size from MAX_PATH to MAX_QPATH
The array is part of a structure and should have a fixed size that does
not depend on inclusion order.
2017-10-04 21:41:41 -05:00
Zack Middleton
d824cfa5a2 OpenGL2: Fix MD3 surface with zero shaders dividing by zero
Reported by @DescX.
2017-10-04 21:00:04 -05:00
Zack Middleton
ac4802af8d OpenGL2: Fix brightness when r_autoExposure is disabled
The game world is too dark when r_autoExposure is disabled. It can be
fixed by setting (cheat) r_cameraExposure to 1 but then the game is
too bright when r_autoExposure is enabled. So default r_cameraExposure
to 1 and make auto exposure subtract 1 from r_cameraExposure value.
2017-10-02 20:46:36 -05:00
Thomas Köppe
b3223dcfcb [qcommon] Use unsigned types where wrapping arithmetic is intended
The use of signed types in these expressions lead to overflow, hence undefined behaviour. The "sum" aggregator in Com_TouchMemory isn't even used (and presumbably just exists to inhibit optimizations from removing the memory access).
2017-10-02 19:46:37 -05:00
Zack Middleton
a83ae01d93 Load OpenGL ES 1.1 function procs 2017-10-02 04:48:07 -05:00
Zack Middleton
e657dbd6b2 Fix setting cflags/libs from sdl2-config
SDL_CFLAGS and SDL_LIBS assignment was "only if absent". However due
to previously assigning them to "pkg-config sdl2" values, the values
from sdl2-config were ignored.
2017-10-02 02:03:16 -05:00
Zack Middleton
da07a6dbd9 Support parsing OpenGL ES version strings
The renderers don't support OpenGL ES though.
2017-10-01 23:09:20 -05:00
Zack Middleton
c9d12aa3f3 Add common OpenGL version parsing + OpenGL 3 fixes
- Parse OpenGL version in sdl_glimp.c to share with both renderers.
- Add GL_VERSION_ATLEAST(major, minor) macro.
- Get address of glGetStringi if using OpenGL 3.
- Fix glConfig.extensions_string when using GL3 core context in
opengl2 renderer.
- Make opengl1 renderer's gfxinfo support qglGetStringi too.
2017-10-01 23:09:20 -05:00
Zack Middleton
20573bce43 Don't link to libGL at compile time
Get all OpenGL functions using SDL_GL_GetProcAddress(). This makes it
easier to cross-arch compile on Linux and add support for OpenGL ES
in the future.

Users still have to supply their own libSDL2 for cross-arch compiling
on Linux. But now the user does not have to re-install libgl1-mesa-dev
package for i386 or amd64 on Debian when switching between compiling
ioquake3 for x86 and x86_64.
2017-10-01 23:07:33 -05:00