This is the exact root of the q3msgboom bug: http://aluigi.altervista.org/adv/q3msgboom-adv.txt
Unfortunately, the server still needs this ugly '1022 char limit' hack to support unfixed clients to some degree.
And as it affects MSG_ReadBigString(), unfixed clients can still be crashed by 8191-char-long configstrings that come with the gamestate.
If client sends wrong serverId but is already active in the world
(CS_ACTIVE) don't resend initial gamestate for the map. This isn't a
valid situation. The player should be CS_CONNECTED or CS_PRIMED.
Resending gamestate to an active player will cause them to respawn
without dying or disconnecting. If the player had a CTF flag it gets
lost until the map is changed or restarted.
Reported by Ensiform at:
https://bugzilla.icculus.org/show_bug.cgi?id=6324
In May 2017 the library loading was limited to *.dylib but the macOS
system OpenAL framework does not have dylib extension. So allow loading
files from /System/Library/Frameworks/ as libraries even without dylib
extension.
This is checked in Sys_DllExtension() so that QVM filesystem access will
not allow writing files to /System/Library/Frameworks/ even if homepath
is changed to include it. (Admittedly it doesn't fit the function name
but fits the function description and current usage.)
Allow listing about 273 .arena filenames for loading in q3_ui instead
of only about 136 that fit in a 2048 byte buffer (average 15 bytes per
file name).
The buffer for filename list runs out of space long before the buffer
for arena file content does. There is no warning for file list out of
space but there is a warning for arena file content.
This was requested by a user with many maps.
Team Arena's mpteam6 map has a shader textures/base_wall2/space_concrete
that contains an opaque stage, two non-lightmap blendfunc filter stages,
a blendfunc add stage, and a lightmap stage. The lightmap was attached
to all four of the non-lightmap stages causing the filter stages to
darken the lightmap multiple times.
Change setting up the lightall GLSL shader to only use lightmap if it's
the first stage or not a blendfunc filter stage. Now only the opaque
and blendfunc add stages of the mpteam6 shader use the lightmap.
Reported by Alexander Nadeau (wareya).
Newer versions of BSPC such as 2.1h included with the Quake 3 GPL source
code create AAS files containing areas in cluster 0 if the area has no
reachabilities.
The AAS files included with Quake 3 and Team Arena do not contain areas
in cluster 0. It's apparent that BSPC would not create them. Instead it
created clusters with no reachability areas.
It seems the intention was to check if the areanum and goalareanum have
reachable areas using AAS_AreaReachability(areanum) everywhere before
calling AAS_AreaRouteToGoalArea(). This prevents adding cluster 0 to
the routing cache and portal cache. However, it is not checked
everywhere, including some places in the Game VM.
Fix AAS_AreaRouteToGoalArea() instead of trying to whack-a-mole with all
the places that call it.
Cluster 0 access reported by Thomas Köppe (github @tkoeppe) as causing
crashes in rare cases.
A negative timelimit value or a value that would overflow the
multiplication by 60000 caused an endless map change/reload.
Based on patch and description by @vloup.
By default mingw-w64 uses Microsoft's broken _vsnprintf() in msvcrt.dll.
It can be overridden by defining __USE_MINGW_ANSI_STDIO but let's just
use the same behavior for both MSVC and mingw-w64.
Reported by @birdstakes.
Windows API ignores all trailing spaces and periods which can get around
Quake 3 file system restrictions. QVM opening 'uix86.dll.' actually
opens 'uix86.dll' which allows QVM to write native code.
This is done in the low-level Sys_FOpen() instead of the function
directly used by VMs ( FS_FOpenFileByMode() ) in case there are engine
commands now or in the future that can read or write arbitrary files.
Reported by Noah Metzger (Chomenor).
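The trailing-character problem described in the commit message above, as an added example (not ioquake3's code): an extension check that inspects only the literal string next to one that first refuses names the Windows API would silently shorten. The function names and sample file names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive "ends with" test (Windows names are case-insensitive). */
static int ends_with_ci(const char *s, const char *suffix)
{
    size_t n = strlen(s), m = strlen(suffix);
    if (m > n) return 0;
    for (size_t i = 0; i < m; i++)
        if (tolower((unsigned char)s[n - m + i]) !=
            tolower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* Length of the name once trailing spaces and periods are dropped,
 * which is what the commit message says the Windows API does. */
static size_t win_effective_len(const char *path)
{
    size_t n = strlen(path);
    while (n > 0 && (path[n - 1] == ' ' || path[n - 1] == '.'))
        n--;
    return n;
}

/* Copy the name that would actually be opened into out. */
const char *win_effective_name(const char *path, char *out, size_t outsz)
{
    size_t n = win_effective_len(path);
    if (outsz == 0) return out;
    if (n >= outsz) n = outsz - 1;
    memcpy(out, path, n);
    out[n] = '\0';
    return out;
}

/* Weak policy (hypothetical): inspects only the literal string. */
int naive_write_allowed(const char *path)
{
    return !ends_with_ci(path, ".dll");
}

/* Hardened policy (hypothetical): refuse any path the OS would silently
 * rename, then apply the extension check to an unambiguous name. */
int hardened_write_allowed(const char *path)
{
    if (win_effective_len(path) != strlen(path))
        return 0;
    return !ends_with_ci(path, ".dll");
}

int main(void)
{
    /* Constructed sample names. */
    const char *names[] = { "uix86.dll", "uix86.dll.", "uix86.dll. .", "q3config.cfg" };
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-13s opens '%s' naive=%d hardened=%d\n", names[i],
               win_effective_name(names[i], buf, sizeof buf),
               naive_write_allowed(names[i]), hardened_write_allowed(names[i]));
    return 0;
}
```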
My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registered in
the engine. It's been pointed out as a fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.
The issue of fs_game '..' on server being replicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases where current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.
Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
A few commits ago I stopped VM's Cvar_Set() from instantly updating
latched values. Now VM can't call Cvar_Register() afterward to force
latched value to be used.
Reported by Noah Metzger (Chomenor).
VMs could set fs_game to '..' at anytime to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.
'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.
I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.
Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take effect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.
This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in several other places).
Reported by Noah Metzger (Chomenor).
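Why a filename-oriented traversal check misses a bare '..' used as a directory value, as an added example (not ioquake3's code). The shape of the filename check is an assumption based on the commit message's description; the function names, base path and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Filename-oriented check (assumed shape): flags ".." only when a path
 * separator follows it, as it would inside a file path. */
int filename_traversal_check(const char *path)
{
    return strstr(path, "../") != NULL || strstr(path, "..\\") != NULL;
}

/* Directory-name validation for a value such as fs_game: exactly one path
 * component, never "." or "..", no separators and no drive colon.
 * An empty value is treated as invalid here; the caller substitutes its
 * default game directory (assumption). */
int gamedir_is_valid(const char *dir)
{
    if (dir[0] == '\0')
        return 0;
    if (strcmp(dir, ".") == 0 || strcmp(dir, "..") == 0)
        return 0;
    if (strpbrk(dir, "/\\:") != NULL)
        return 0;
    return 1;
}

/* Build "<base>/<gamedir>" only from a validated directory name.
 * Returns 0 on success, -1 if the name is rejected or does not fit. */
int build_game_path(const char *base, const char *gamedir,
                    char *out, size_t outsz)
{
    int n;
    if (!gamedir_is_valid(gamedir))
        return -1;
    n = snprintf(out, outsz, "%s/%s", base, gamedir);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values for the game directory. */
    const char *values[] = { "baseq3", "missionpack", "..", "../..", "a\\..\\b" };
    char path[128];
    for (size_t i = 0; i < sizeof values / sizeof *values; i++) {
        int ok = build_game_path("/home/user/.q3a", values[i], path, sizeof path);
        printf("%-12s filename_check=%d -> %s\n", values[i],
               filename_traversal_check(values[i]), ok == 0 ? path : "rejected");
    }
    return 0;
}
```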
If a VM increases sv_maxclients while a server is running the engine
will crash. The value should be latched until engine decides to update
the cvar; the same as when a user sets it.
VM could use Cvar_Register to set a protected cvar as user created and
was then able to use Cvar_Register with CVAR_ROM to change the value.
Don't allow Cvar_Register to affect protected cvars and prevent VMs
from adding internal flags to any cvars (creator, modified, protected,
nonexistent).
Reported by Noah Metzger (Chomenor).
There was an extra plus sign in Huff_Compress(). It wasn't causing any
issues as it does not affect the generated code. Removing it makes the
source code the same as Huff_Decompress().
The odd source code was brought to my attention by Tobias Kuehnhammer.
Use opengl1 renderer behavior of adding fixed amount of ambient light
to all models regardless of HDR setting. It fixes the view weapon
having zero ambient light on pillcity map.
Models for Team Arena's holdable medkit and invulnerability effects use
the frame numbers from the player's torso but the actual models only
have one frame (0).
Gauntlet and Grappling Hook use -1 ammo. Gauntlet is excluded from
the check ammo loop but Grappling Hook causes ammo time remaining
to decrease 200 milliseconds.
The out of ammo check tests time remaining is equal to zero. This
means carrying Grappling Hook and out of ammo will have negative
time remaining which results in the low ammo message being displayed
instead of out of ammo.
The game world is too dark when r_autoExposure is disabled. It can be
fixed by setting (cheat) r_cameraExposure to 1 but then the game is
too bright when r_autoExposure is enabled. So default r_cameraExposure
to 1 and make auto exposure subtract 1 from r_cameraExposure value.
The use of signed types in these expressions leads to overflow, hence undefined behaviour. The "sum" aggregator in Com_TouchMemory isn't even used (and presumably just exists to inhibit optimizations from removing the memory access).
- Parse OpenGL version in sdl_glimp.c to share with both renderers.
- Add GL_VERSION_ATLEAST(major, minor) macro.
- Get address of glGetStringi if using OpenGL 3.
- Fix glConfig.extensions_string when using GL3 core context in
opengl2 renderer.
- Make opengl1 renderer's gfxinfo support qglGetStringi too.
Get all OpenGL functions using SDL_GL_GetProcAddress(). This makes it
easier to cross-arch compile on Linux and add support for OpenGL ES
in the future.
Users still have to supply their own libSDL2 for cross-arch compiling
on Linux. But now the user does not have to re-install libgl1-mesa-dev
package for i386 or amd64 on Debian when switching between compiling
ioquake3 for x86 and x86_64.
If a lightning bolt killed a player or the first shotgun pellet that
hit a player killed them, the shot was not counted as accurate.
Check if shot player is alive for hit accuracy before dealing damage.
Running a server using the client engine would send server snapshots
to loopback and LAN clients each client frame (com_maxfps).
This causes excessive network traffic and likely does not provide new
information to the clients because SV_Frame() won't have run between
the extra snapshots.
This commit restores the original behavior of respecting local/LAN
client's snaps userinfo and sv_fps. The issue was introduced by the
following commit:
Commit ac30d86db0
From: Thilo Schulz
Date: Wed, 13 Jul 2011 17:11:30 +0000
Subject: - Improve snapshot rate and data rate control
Reported by Eugene C.
Fix "Error parsing animation file" messages in UI. Caused by fixing the
handling of missing tokens in animation.cfg parser in a past commit.
Fix new Team Arena torso animation frame numbers in UI.
Add support for fixedtorso and fixedlegs keywords.
Add support for reversed animations (negative numframes).
Disable SDL relative mouse mode when in_nograb is enabled. Relative
mouse mode hides the cursor and it cannot exit the window regardless
of the window's grab state.
This wasn't always the case. SDL before 2.0.4 on GNU/Linux released
the mouse cursor in relative mode. However, SDL 2.0.3/4 on Windows
does not. (I did not test other Windows versions.) So I think SDL
2.0.4 made GNU/Linux X11 behavior consistent with other platforms.
This fixes mouse input being unusable when debugging client crashes
in gdb.
Entering Team Arena's start server or in-game callvote menu causes
arenas to be reloaded. The existing memory is not freed so after
entering the menus a few times the UI runs out of memory and
crashes.
Just load arenas once when the UI loads like in q3_ui.
- Use common controls 6 so error dialogs use correct visuals on
Windows XP or later!
- Specify running as invoker so Windows doesn't guess if it should
prompt for admin permission on Vista or later.
- Specify compatible with Vista through Windows 10. Tells Windows
not to emulate Vista behavior, not sure if it affects anything.
Makefile automatically runs windres when manifest changes.
After 'Fix floating point precision loss in renderer', Windows x86
client won't load the renderer DLLs. The problem is a 64 bit modulus.
I couldn't find any reports of this online. However, client with
built-in renderer worked with the 64 bit modulus.
Only tested with mingw-w64.
ioquake3.x86_64.exe can't load x86 OpenAL32.dll. Using separate
library names allows shipping OpenAL for both architectures.
Though since the dll name is saved in the config file, using both
clients on the same computer will cause one client arch to always
try to load the wrong OpenAL dll and then fallback to the correct
default OpenAL dll. I guess it could be fixed by using separate
cvar names for s_alDriver.
Don't draw crosshair 0 in Team Arena setup menu. It isn't drawn
in CGame. Wrap cg_drawCrosshair in missionpack menu like CGame
instead of treating as index 0 which is no longer drawn.
Make spectators use green background for team chat box when following
players. The team chat messages are from spectators not the team of
the followed player.
Make spectators draw team chat box even when not following a player.
Only use the crusher for killing the bot's enemy. This doesn't
affect 1v1 very much but prevents the whole team of bots in CTF
from suddenly shooting at the crusher button. Entering the crusher
bounds was basically instant death.
Make bots activate crusher on q3tourney6_ctf and mpq3tourney6.
Check if player is inside the crush bounds instead of below the
crusher. There is a jumppad that goes under it in mpq3tourney6.
SDL doesn't provide the exact time that input events happen
so use the earliest possible time that an event could happen.
This makes sub-frame input actions such as walking take effect
immediately instead of in the next frame.
Based on patch by Alexander "wareya" Nadeau.
Make callTeamVote check for all command separators like in callVote.
It's not exploitable as the only vote option (leader) always uses an
integer argument.
Also the ioquake3 engine removes command separators from client game
commands in Cmd_Args_Sanitize().
Fix floatTime using float precision instead of double using GCC.
Fix R_BindAnimatedImage to be in sync with function table.
Fix vertexDeform bulge, vertexDeform normals, noise wave function
at high level time.
Revert unnecessary float -> double conversions.
Patch for https://bugzilla.icculus.org/show_bug.cgi?id=5931 by
Eugene C. from 2013 plus recent fix for tcMod rotate.
I merged the changes into the OpenGL2 renderer though the fix for
tcMod turb doesn't translate.
Prevent reading past end of message in MSG_ReadBits. If read past
end of msg->data buffer (16348 bytes) the engine could SEGFAULT.
Make MSG_WriteBits use an exact buffer overflow check instead of
possibly failing with a few bytes left.
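A bounds-checked bit reader and writer of the kind the commit message above describes, as an added example (not ioquake3's code). It is a simplified plain bit buffer, not the engine's MSG_ReadBits/MSG_WriteBits; the `bitbuf_t` type, the `bb_*` names and the 4-byte buffer are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t *data;
    size_t   maxsize;     /* capacity in bytes */
    size_t   cursize;     /* bytes holding written data */
    size_t   bit;         /* write cursor, in bits */
    size_t   readbit;     /* read cursor, in bits */
    int      overflowed;  /* set when a write did not fit */
} bitbuf_t;

void bb_init(bitbuf_t *b, uint8_t *storage, size_t size)
{
    memset(b, 0, sizeof *b);
    memset(storage, 0, size);
    b->data = storage;
    b->maxsize = size;
}

/* Write the low nbits of value, least significant bit first.
 * The check is exact: a write that ends on the last bit succeeds. */
int bb_write(bitbuf_t *b, uint32_t value, unsigned nbits)
{
    if (b->overflowed || nbits == 0 || nbits > 32)
        return 0;
    if (nbits > b->maxsize * 8 - b->bit) {
        b->overflowed = 1;
        return 0;
    }
    for (unsigned i = 0; i < nbits; i++, b->bit++)
        if ((value >> i) & 1u)
            b->data[b->bit >> 3] |= (uint8_t)(1u << (b->bit & 7));
    b->cursize = (b->bit + 7) >> 3;
    return 1;
}

/* Read nbits; never touches memory at or beyond data[cursize].
 * On a short message or an invalid width the cursor is parked at the
 * end of the message and 0 is returned with *out set to 0. */
int bb_read(bitbuf_t *b, unsigned nbits, uint32_t *out)
{
    *out = 0;
    if (nbits == 0 || nbits > 32 || nbits > b->cursize * 8 - b->readbit) {
        b->readbit = b->cursize * 8;
        return 0;
    }
    for (unsigned i = 0; i < nbits; i++, b->readbit++)
        if (b->data[b->readbit >> 3] & (1u << (b->readbit & 7)))
            *out |= 1u << i;
    return 1;
}

int main(void)
{
    uint8_t storage[4];   /* constructed 32-bit message buffer */
    bitbuf_t b;
    uint32_t v;
    bb_init(&b, storage, sizeof storage);
    printf("write 25 bits: %d\n", bb_write(&b, 0x1ABCDEFu, 25));
    printf("write 7 bits (fills buffer): %d\n", bb_write(&b, 0x55u, 7));
    printf("write 1 more bit: %d\n", bb_write(&b, 1u, 1));
    printf("read 25 bits: %d\n", bb_read(&b, 25, &v));
    printf("read 7 bits: %d\n", bb_read(&b, 7, &v));
    printf("read 1 bit past end: %d\n", bb_read(&b, 1, &v));
    return 0;
}
```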
Setting cl_renderer isn't a security concern and valid behavior for
a menu to provide. Sys_LoadDLL ensures only libraries are loaded and
engine prevents QVMs from writing them.
This commit fixes the vanilla Q3 UI VMs not displaying a server list
when id Software's master server is down.
Originally master 0 for the globalservers command was Internet and
master 1 was MPlayer (defunct). In 2008 ioquake3 changed it so that
master 0 to 4 were five separate master servers with no effect on
original Quake3/Team Arena UI VMs; they continued to get the server
list from master.quake3arena.com.
id Software's master server (master.quake3arena.com) goes down
occasionally. Using ioq3's UI VM additional master servers can be
accessed but players using the original UI VMs are unable to get a
server list.
In order to fix the original UI VMs in Quake3/Team Arena's pk3s this
commit makes 'globalservers 0' fetch all master servers. So players
get a combined list of id Software's and ioquake3's master list. Or
just ioquake3's list if id Software's master is down.
Getting lists from individual master servers using globalservers has
changed from 0 through 4 to 1 through 5 to accommodate using 0 for
other purposes. This commit modifies ioq3's UI code to support the new
values for globalservers command.
A side effect of these changes is that UI VMs based on ioq3 since 2008
will have Internet1 fetch all master servers and Internet2 request
sv_master1 instead of sv_master2 and so on. It may be worth noting that
getting server list from masters 3-5 could not be done using ioq3's UI
before 2011.
The Team Arena code for giving defense bonus for fragging player
who recently damaged a skull carrier unintentionally applied to
the flag carrier.
The skull carrier case would have been handled by the flag carrier
block above it. However, Harvest mode doesn't call
Team_CheckHurtCarrier() so the skull carrier defense bonus does
not work.
This restores the pre-Team Arena behavior of not giving defense
score bonus to flag carrier.
Fix copy-paste error in the original Quake 3 code. The wrong values
are used for v1 and v2. v2 was previously set to distance of attacker
to flag base; which should be handled already.
The game now gives defense score bonus to player when they frag an
enemy near their team's flag carrier while the player is more than
1000 units from the flag carrier.
This may also fix not giving defense bonus when near carrier due to
checking if carrier and enemy (instead of attacker) are in PVS.
Found by @Razish.
Models don't have a surface limit; skins shouldn't either. Some player
models require more than 32 surfaces since vanilla Quake 3 did not
enforce the limit.
Skins are now limited to 256 surfaces because having no limit would
require parsing the skin file twice. The skin surfaces are dynamically
allocated so it doesn't increase memory usage when fewer surfaces
are used.
ArenaServers_InsertFavorites() fails to do anything because favorites
are added to the server list even if nonresponsive.
Set nonresponsive favorite server hostname to address.
When refreshing local servers, Team Arena UI never changed the status
message when it timed out. This gave a false impression it was still
looking for servers.
Let's continue looking for local servers in q3_ui and Team Arena UI
until one is found.
Restore MD3 code for cg_shadows 2 and 3 like other model formats.
Fix planar projection shadow deform (cg_shadows 3) to use correct
light direction. I fixed light direction for stencil shadows
(cg_shadows 2) but it's still broken.
Don't add the same bot to multiple teams until there are as many
bots on the server as there are bot types.
Previously each team would have unique bots until all bot types
were added to the team but other teams may have the same bot. Now
there will not be any duplicate bots until there are more bots than
bot types.
Now Quake 3 (32 bot types) in 16 vs 16 bot CTF will not contain
duplicate bot types. (You have to increase memory in code/game/
g_mem.c in order to add 32 bots though.)
I had to change G_AddRandomBot() to use 'addbot random' or else the
same bot could be added to red and blue teams. The bot was selected
and stored in console command buffer so game doesn't know not to
select the bot again.
If there are two bot infos in scripts/bots.txt then each team can
only add two random bots via bot_minplayers or addbot random.
Pick random bot info from least used bot infos instead of only ones
that are used by zero players. That way a random bot can always be
added to the game.
This rarely affected Quake 3 since there are 32 bot infos. It could
easily affect new games though.
Team Arena's Overload gametype has red and blue team Obelisk base
objects. It uses separate entities for visual and damage. Only the
damageable entity was dropped to floor. Leaving model floating off
the ground.
Team Arena's Harvester base has the same problem. Model entity
floats in air but trigger entity drops to floor.
Drop all Team Arena team base models to floor. Fixes CTF, 1Flag,
Overload, and Harvester base models.
There are various issues caused by not knowing the initial team for
the local client and bots when they connect. This can be reproduced
by starting a team game from the main menu.
When g_teamAutoJoin is enabled, bots and local client join a random
team at connect and then execute their team command a few frames
later. This may result in the player being killed if they specify a
different team. In Team Arena's Harvester mode this causes harvester
skulls to be spawned at the beginning of the game.
When g_teamForceBalance is enabled, the local client and bots may not
be able to join their desired team. This may result in them being
spectators. If g_teamAutoJoin is also enabled they may be left on
the opposite (red/blue) team they were meant to join.
There is a hack for including bot's team in their player info string
(used by cgame for which team skin to use) before the bot joins
their desired team. Bots aren't guaranteed to join their desired team
(as may happen when both g_teamAutoJoin and g_teamForceBalance are
enabled) so clients may see them as being on the wrong team!
----
Add teampref userinfo option for team preference. If teampref is set
it will be used for attempting to join the team immediately at connect.
Bots now join team at connect using teampref userinfo. So remove
the hack for setting bot's team in player info string before the bot
joins the team.
To avoid the client sending teampref userinfo to all network servers,
the local client uses a g_localTeamPref cvar. The g_localTeamPref
cvar is cleared after it's used so it doesn't get used when starting
another server later. Another reason not to use a teampref userinfo
cvar is there isn't a reliable way to clear it in CGame/UI which are
likely loaded from baseq3 pk3.
Make it so g_teamAutoJoin doesn't affect clients who specify
teampref. If teampref is invalid, the client will join a random team
like g_teamAutoJoin.
Don't apply g_teamForceBalance to the local client or bots. Otherwise
they may be left as spectators when starting team game from menu.
The start server menus use team command and g_localTeamPref to set
the human player's team. This way it's compatible with vanilla Q3
game VMs and the new setting team at connect feature.