ubergames/lilium-voyager
0
0
Fork 0
mirror of https://github.com/UberGames/lilium-voyager.git synced 2024-11-10 06:31:47 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix q3history buffer not cleared between mods and OOB-access

Browse source 
Loading a 1024-byte q3history file will fill the whole consoleSaveBuffer
leaving no space for a string terminator. Com_Parse will read at least
one byte beyond the end of consoleSaveBuffer. The written console
history file can only be 1023 bytes (enforced by Q_strcat) so don't
allow loading size of 1024.

If switching to a mod with a shorter q3history file, the data in
consoleSaveBuffer that isn't overwritten will be parsed. So always
add a string terminator.

String not terminated reported by David "devnexen" CARLIER.
This commit is contained in:
Zack Middleton 2018-04-09 01:56:07 -05:00
parent 699cbed7c7
commit 3ad427c68d
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
code/client/cl_keys.c
View file

@ -1478,9 +1478,10 @@ void CL_LoadConsoleHistory( void )
return; return;
} }
if( consoleSaveBufferSize <= MAX_CONSOLE_SAVE_BUFFER && if( consoleSaveBufferSize < MAX_CONSOLE_SAVE_BUFFER &&
FS_Read( consoleSaveBuffer, consoleSaveBufferSize, f ) == consoleSaveBufferSize ) FS_Read( consoleSaveBuffer, consoleSaveBufferSize, f ) == consoleSaveBufferSize )
{ {
consoleSaveBuffer[consoleSaveBufferSize] = '\0';
text_p = consoleSaveBuffer; text_p = consoleSaveBuffer;
for( i = COMMAND_HISTORY - 1; i >= 0; i-- ) for( i = COMMAND_HISTORY - 1; i >= 0; i-- )