ubergames/lilium-voyager
0
0
Fork 0
mirror of https://github.com/UberGames/lilium-voyager.git synced 2024-11-10 14:41:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix buffer overflow, report and patch by Eugene C. (#4669)

Browse source
This commit is contained in:
Thilo Schulz 2010-07-02 20:21:20 +00:00
parent 31b3acf587
commit 3ff2666375
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
code/qcommon/msg.c
View file

@ -1043,6 +1043,10 @@ void MSG_ReadDeltaEntity( msg_t *msg, entityState_t *from, entityState_t *to,
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
lc = MSG_ReadByte(msg);
if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid entityState field count" );
}
// shownet 2/3 will interleave with other printed info, -1 will
// just print the delta records`
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
@ -1376,6 +1380,10 @@ void MSG_ReadDeltaPlayerstate (msg_t *msg, playerState_t *from, playerState_t *t
numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] );
lc = MSG_ReadByte(msg);
if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid playerState field count" );
}
for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) {
fromF = (int *)( (byte *)from + field->offset );
toF = (int *)( (byte *)to + field->offset );