mirror of
https://github.com/UberGames/lilium-voyager.git
synced 2024-12-13 13:40:56 +00:00
Fix q3history buffer not cleared between mods and OOB-access
Loading a 1024-byte q3history file will fill the whole consoleSaveBuffer leaving no space for a string terminator. Com_Parse will read at least one byte beyond the end of consoleSaveBuffer. The written console history file can only be 1023 bytes (enforced by Q_strcat) so don't allow loading size of 1024. If switching to a mod with a shorter q3history file, the data in consoleSaveBuffer that isn't overwritten will be parsed. So always add a string terminator. String not terminated reported by David "devnexen" CARLIER.
This commit is contained in:
parent
699cbed7c7
commit
3ad427c68d
1 changed files with 2 additions and 1 deletions
|
@ -1478,9 +1478,10 @@ void CL_LoadConsoleHistory( void )
|
|||
return;
|
||||
}
|
||||
|
||||
if( consoleSaveBufferSize <= MAX_CONSOLE_SAVE_BUFFER &&
|
||||
if( consoleSaveBufferSize < MAX_CONSOLE_SAVE_BUFFER &&
|
||||
FS_Read( consoleSaveBuffer, consoleSaveBufferSize, f ) == consoleSaveBufferSize )
|
||||
{
|
||||
consoleSaveBuffer[consoleSaveBufferSize] = '\0';
|
||||
text_p = consoleSaveBuffer;
|
||||
|
||||
for( i = COMMAND_HISTORY - 1; i >= 0; i-- )
|
||||
|
|
Loading…
Reference in a new issue