mirror of
https://github.com/UberGames/lilium-voyager.git
synced 2024-12-14 14:11:15 +00:00
Fix buffer overflow, report and patch by Eugene C. (#4669)
This commit is contained in:
parent
31b3acf587
commit
3ff2666375
1 changed files with 8 additions and 0 deletions
|
@ -1043,6 +1043,10 @@ void MSG_ReadDeltaEntity( msg_t *msg, entityState_t *from, entityState_t *to,
|
||||||
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
|
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
|
||||||
lc = MSG_ReadByte(msg);
|
lc = MSG_ReadByte(msg);
|
||||||
|
|
||||||
|
if ( lc > numFields || lc < 0 ) {
|
||||||
|
Com_Error( ERR_DROP, "invalid entityState field count" );
|
||||||
|
}
|
||||||
|
|
||||||
// shownet 2/3 will interleave with other printed info, -1 will
|
// shownet 2/3 will interleave with other printed info, -1 will
|
||||||
// just print the delta records`
|
// just print the delta records`
|
||||||
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
|
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
|
||||||
|
@ -1376,6 +1380,10 @@ void MSG_ReadDeltaPlayerstate (msg_t *msg, playerState_t *from, playerState_t *t
|
||||||
numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] );
|
numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] );
|
||||||
lc = MSG_ReadByte(msg);
|
lc = MSG_ReadByte(msg);
|
||||||
|
|
||||||
|
if ( lc > numFields || lc < 0 ) {
|
||||||
|
Com_Error( ERR_DROP, "invalid playerState field count" );
|
||||||
|
}
|
||||||
|
|
||||||
for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) {
|
for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) {
|
||||||
fromF = (int *)( (byte *)from + field->offset );
|
fromF = (int *)( (byte *)from + field->offset );
|
||||||
toF = (int *)( (byte *)to + field->offset );
|
toF = (int *)( (byte *)to + field->offset );
|
||||||
|
|
Loading…
Reference in a new issue