Commit graph

2705 commits

Author SHA1 Message Date
Zack Middleton
ae9edd1491 Fix shifting bits out of byte in tr_font.c
Found using LLVM sanitizer. Reported by Dominic "lonkamikaze" Fandrey.
2018-04-08 21:41:31 -05:00
Dominic Fandrey
a494edeb94 Fix undefined behaviour due to shifting signed in snd_mem.c 2018-04-08 21:41:26 -05:00
Zack Middleton
4ea0eebfe5 Fix nullptr dereference in front of nullptr check in FS_CheckPak0
Found using LLVM sanitizer. Reported by Dominic "lonkamikaze" Fandrey
and David "devnexen" CARLIER.
2018-04-08 20:56:08 -05:00
Eugene C
9f294ce520 Fix MSG_Read*String*() functions not being able to read last byte from message
This is exact root of q3msgboom bug http://aluigi.altervista.org/adv/q3msgboom-adv.txt
Unfortunately, server still need this ugly '1022 char limit' hack to support unfixed clients in some degree.
And as it affects MSG_ReadBigString() - unfixed clients can still be crashed by 8191-chars long configstrings that comes with gamestate
2018-04-03 22:36:24 -05:00
Zack Middleton
3bf48877f3 Fix "Going to CS_ZOMBIE for [clientname]" developer message
Client name was cleared before printing the message resulting in
a blank name.
2018-04-03 21:37:59 -05:00
Zack Middleton
b61e2998f3 Fix exploit to reset player by sending wrong serverId
If client sends wrong serverId but is already active in the world
(CS_ACTIVE) don't resend initial gamestate for the map. This isn't a
valid situation. The player should be CS_CONNECTED or CS_PRIMED.

Resending gamestate to an active player will cause them to respawn
without dying or disconnecting. If the player had a CTF flag it gets
lost until the map is changed or restarted.

Reported by Ensiform at:

    https://bugzilla.icculus.org/show_bug.cgi?id=6324
2018-04-03 21:37:15 -05:00
Zack Middleton
484149573b Allow loading system OpenAL library on macOS again
In May 2017 the library loading was limited to *.dylib but the macOS
system OpenAL framework does not have dylib extension. So allow loading
files from /System/Library/Frameworks/ as libraries even without dylib
extension.

This is checked in Sys_DllExtension() so that QVM filesystem access will
not allow writing files to /System/Library/Frameworks/ even if homepath
is changed to include it. (Admittedly it doesn't fit the function name
but fits the function description and current usage.)
2018-03-22 14:58:44 -05:00
Zack Middleton
acef71af5e Rename (already updated) opusfile-0.8 to opusfile-0.9 2018-03-16 13:29:20 -05:00
Zack Middleton
58a315fe3f Update opusfile from 0.8 to 0.9 2018-03-16 13:29:20 -05:00
Zack Middleton
8611eb421d Rename (already updated) opus-1.1.4 to opus-1.2.1 2018-03-16 13:29:19 -05:00
Zack Middleton
cb24c59567 Update opus from 1.1.4 to 1.2.1 2018-03-16 13:29:19 -05:00
Zack Middleton
c38c823a2a Rename (already updated) libvorbis-1.3.5 to libvorbis-1.3.6 2018-03-16 13:29:19 -05:00
Zack Middleton
b78c6e61bf Update libvorbis from 1.3.5 to 1.3.6
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
2018-03-16 13:29:02 -05:00
Zack Middleton
ebd3d516ac Rename (already updated) libogg-1.3.2 to libogg-1.3.3 2018-03-16 13:11:27 -05:00
Zack Middleton
2e7900c1aa Update libogg from 1.3.2 to 1.3.3 2018-03-16 13:11:27 -05:00
Tom Murphy
af6b1f8edf Remove CON_FlushIn function and where STDIN needs flushing, use tcflush POSIX function 2018-03-14 21:43:56 +00:00
Zack Middleton
b48d902672 OpenGL1: Use glGenTextures instead of hardcoded values
It's the proper way to use the OpenGL API. It's already done in the
OpenGL2 renderer.
2018-03-13 09:17:23 -05:00
Zack Middleton
0d6edd227a Support Unicode characters greater than 0xFF in cl_consoleKeys
Unrelated: make '0x' value be -1 (invalid) instead of 0.

Reported by MAN-AT-ARMS.
2018-02-22 18:15:53 -06:00
Zack Middleton
00c3480938 OpenGL2: Fix crash when BSP has deluxe maps and vertex lit surfaces
Reported by Mickaël Thomas (mickael9).
2018-02-18 13:05:27 -06:00
Zack Middleton
d1f82ed567 Increase q3_ui .arena filename list buffer size to 4096 bytes
Allow listing about 273 .arena filenames for loading in q3_ui instead
of only about 136 that fit in a 2048 byte buffer (average 15 bytes per
file name).

The buffer for filename list runs out of space long before the buffer
for arena file content does. There is no warning for file list out of
space but there is a warning for arena file content.

This was requested by a user with many maps.
2018-02-11 15:54:05 -06:00
Thomas Köppe
3f29b8558d [qcommon] Make several zone variables and functions static. 2018-02-07 09:13:27 -06:00
Thomas Köppe
d047210aca [qcommon] Remove dead serialization code 2018-02-05 10:37:46 -06:00
Zack Middleton
71a9a5efa6 Make FS_InvalidGameDir() consider subdirectories invalid
fs_game shouldn't be a subdirectory and it simplifies the code.
2018-02-04 20:34:48 -06:00
Zack Middleton
3d6aa05694 OpenGL2: Fix dark lightmap on shader in mpteam6
Team Arena's mpteam6 map has a shader textures/base_wall2/space_concrete
that contains an opaque stage, two non-lightmap blendfunc filter stages,
a blendfunc add stage, and a lightmap stage. The lightmap was attached
to all four of the non-lightmap stages causing the filter stages to
darken the lightmap multiple times.

Change setting up the lightall GLSL shader to only use lightmap if it's
the first stage or not a blendfunc filter stage. Now only the opaque
and blendfunc add stages of the mpteam6 shader use the lightmap.

Reported by Alexander Nadeau (wareya).
2018-02-04 14:34:17 -06:00
Zack Middleton
0b6d97f849 Fix negative frag/capturelimit causing an infinite map end loop
Reported by @vloup.
2018-02-04 10:37:39 -06:00
Zack Middleton
fc16ac6bd2 Fix invalid access to cluster 0 in AAS_AreaRouteToGoalArea()
Newer versions of BSPC such as 2.1h included with the Quake 3 GPL source
code create AAS files containing areas in cluster 0 if the area has no
reachabilities.

The AAS files included with Quake 3 and Team Arena do not contain areas
in cluster 0. It's apparent that BSPC would not create them. Instead it
created clusters with no reachability areas.

It seems the intention was to check if the areanum and goalareanum have
reachable areas using AAS_AreaReachability(areanum) everywhere before
calling AAS_AreaRouteToGoalArea(). This prevents adding cluster 0 to
the routing cache and portal cache. However, it is not checked
everywhere and including some places in the Game VM.

Fix AAS_AreaRouteToGoalArea() instead of trying to wack-a-mole with all
the places that call it.

Cluster 0 access reported by Thomas Köppe (github @tkoeppe) as causing
crashes in rare cases.
2018-02-04 09:07:44 -06:00
Zack Middleton
0822772ea2 Fix timelimit causing an infinite map ending loop
A negative timelimit value or a value that would overflow the
multiplication by 60000 caused an endless map change/reload.

Based on patch and description by @vloup.
2018-02-04 09:00:08 -06:00
Zack Middleton
83119a990a Fix Q_vsnprintf for mingw-w64
By default mingw-w64 uses Microsoft's broken _vsnprintf() in msvcrt.dll.
It can be overriden by defining __USE_MINGW_ANSI_STDIO but let's just
use the same behavior for both MSVC and mingw-w64.

Reported by @birdstakes.
2018-02-04 08:04:13 -06:00
Zack Middleton
df8f657f09 Fix exploit to bypass filename restrictions on Windows
Windows API ignores all trailing spaces and periods which can get around
Quake 3 file system restrictions. QVM opening 'uix86.dll.' actually
opens 'uix86.dll' which allows QVM to write native code.

This is done in the low-level Sys_FOpen() instead of the function
directly used by VMs ( FS_FOpenFileByMode() ) in case there are engine
commands now or in the future that can read or write arbitrary files.

Reported by Noah Metzger (Chomenor).
2018-01-30 07:59:25 -06:00
Zack Middleton
738465d677 Revert my recent cvar latch changes
My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registed in
the engine. It's been pointed out as fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.

The issue of fs_game '..' on server being relicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases from current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.

Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
2018-01-21 22:45:46 -06:00
Zack Middleton
ed8d48cac3 Fix VMs forcing engine latch cvar to update to latched value
A few commits ago I stopped VM's Cvar_Set() from instantly updating
latched values. Now VM can't call Cvar_Register() afterword to force
latched value to be used.

Reported by Noah Metzger (Chomenor).
2018-01-21 19:49:16 -06:00
Zack Middleton
3638f69dff Fix fs_game '..' reading outside of home and base path
VMs could set fs_game to '..' at anytime to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.

'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.

I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.

Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take affect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.

This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in serveral other places).

Reported by Noah Metzger (Chomenor).
2018-01-21 06:02:28 -06:00
Zack Middleton
78ca670d4f Don't let VMs change engine latch cvars immediately
If a VM increases sv_maxclients while a server is running the engine
will crash. The value should be latched until engine decides to update
the cvar; the same as when a user sets it.
2018-01-21 06:02:08 -06:00
Zack Middleton
adef4e6c9e Don't register fs_game cvar everywhere just to get the value 2018-01-21 06:02:08 -06:00
Zack Middleton
3a6af1bc48 Fix VMs being able to change CVAR_PROTECTED cvars
VM could use Cvar_Register to set a protected cvar as user created and
was then able to use Cvar_Register with CVAR_ROM to change the value.

Don't allow Cvar_Register to affect protected cvars and prevent VMs
from adding internal flags to any cvars (creator, modified, protected,
nonexistent).

Reported by Noah Metzger (Chomenor).
2018-01-21 06:02:08 -06:00
Thomas Köppe
917bca4f7d Use standard offsetof facility. Dereferencing a null pointer results
in undefined behaviour.
2018-01-21 06:01:50 -06:00
Thomas Köppe
ed1794fe17 Change shift expressions to unsigned types. Shifting signed values to
a result that is not representable has undefined behaviour.
2018-01-21 06:01:50 -06:00
Zack Middleton
7e2aa2c627 Remove extra plus sign from Huff_Compress()
There was an extra plus sign in Huff_Compress(). It wasn't causing any
issues as it does not affect the generated code. Removing it makes the
source code the same as Huff_Decompress().

The odd source code was brought to my attention by Tobias Kuehnhammer.
2018-01-14 18:38:38 -06:00
Zack Middleton
22fcd82965 Make FS_BuildOSPath for botlib.log consistent with typical usage
I don't think anywhere else uses "" to mean current game directory.
Though it's only an issue for my fork where I removed that behavior.
2017-12-23 17:01:08 -06:00
Eugene C
f3bdd6f022 Don't allow qagame module to create "botlib.log" at ANY filesystem location 2017-12-23 16:41:13 -06:00
David CARLIER
c904f6d4aa fix a few potential buffer overwrite in Game VM 2017-12-16 12:51:34 -06:00
David CARLIER
76ec9fb6bd Few LCC memory fixes. 2017-12-15 18:08:23 -06:00
Zack Middleton
7c2dd01873 OpenGL2: Restore adding fixed ambient light when HDR is enabled
Use opengl1 renderer behavior of adding fixed amount of ambient light
to all models regardless of HDR setting. It fixes the view weapon
having zero ambient light on pillcity map.
2017-12-15 17:46:51 -06:00
Zack Middleton
bad8c3ba4e Fix GCC 6 misleading-indentation warning 2017-12-03 05:51:40 -06:00
Zack Middleton
424e1ac7b1 Fix invalid model frame developer warnings in Team Arena
Models for Team Arena's holdable medkit and invulnerability effects use
the frames numbers from the player's torso but the actual models only
have one frame (0).
2017-11-22 20:21:02 -06:00
Zack Middleton
d40b047f13 Correct spelling of two more words
Thanks Undeference for pointing out abreviations.
2017-11-22 20:17:21 -06:00
Edward Betts
fe42b8653d Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
Zack Middleton
3e1599ac4b Fix my previous commit about -1 ammo 2017-11-10 21:09:23 -06:00
Zack Middleton
4af2c91fbf Fix -1 (unlimited) ammo decreasing ammo time remaining
Gauntlet and Grappling Hook use -1 ammo. Gauntlet is excluded from
the check ammo loop but Grappling Hook causes ammo time remaining
to decrease 200 milliseconds.

The out of ammo check tests time remaining is equal to zero. This
means carrying Grappling Hook and out of ammo will have negative
time remaining which results in the low ammo message being displayed
instead of out of ammo.
2017-11-10 20:33:07 -06:00
Zack Middleton
471ea9e564 Fix Team Arena server refresh time format
Make minute less than 10 have a leading 0. Change '7:1' to '7:01'.
2017-11-10 20:06:04 -06:00
Zack Middleton
e8450cae33 OpenGL2: Use ri.Error instead of Com_Error in tr_vbo.c
Com_Error is a wrapper for ri.Error. Use it directly.
2017-11-05 20:58:57 -06:00
Zack Middleton
690c5a4dac Don't send team overlay info to bots 2017-10-09 02:34:22 -05:00
Zack Middleton
b4a4fe98d4 Fix reading crash log when log wraps around buffer 2017-10-08 07:19:07 -05:00
Zack Middleton
9e502bda4d Only draw cm_patch/bot debug polygons in world scenes
Fixes debug polygons appearing in HUD head model scene.
2017-10-08 07:18:40 -05:00
Zack Middleton
e46e9846fc Fix memory leak in (unused) AAS_FloodAreas() 2017-10-07 08:02:24 -05:00
Zack Middleton
815c898bf5 Don't redefine MAX_PATH in bot code 2017-10-04 22:13:50 -05:00
Thomas Köppe
39b0702550 [botlib/be_aas_def.h] Change array size from MAX_PATH to MAX_QPATH
The array is part of a structure and should have a fixed size that does
not depend on inclusion order.
2017-10-04 21:41:41 -05:00
Zack Middleton
d824cfa5a2 OpenGL2: Fix MD3 surface with zero shaders dividing by zero
Reported by @DescX.
2017-10-04 21:00:04 -05:00
Zack Middleton
ac4802af8d OpenGL2: Fix brightness when r_autoExposure is disabled
The game world is too dark when r_autoExposure is disabled. It can be
fixed by setting (cheat) r_cameraExposure to 1 but then the game is
too bright when r_autoExposure is enabled. So default r_cameraExposure
to 1 and make auto exposure subtract 1 from r_cameraExposure value.
2017-10-02 20:46:36 -05:00
Thomas Köppe
b3223dcfcb [qcommon] Use unsigned types where wrapping arithmetic is intended
The use of signed types in these expressions lead to overflow, hence undefined behaviour. The "sum" aggregator in Com_TouchMemory isn't even used (and presumbably just exists to inhibit optimizations from removing the memory access).
2017-10-02 19:46:37 -05:00
Zack Middleton
a83ae01d93 Load OpenGL ES 1.1 function procs 2017-10-02 04:48:07 -05:00
Zack Middleton
da07a6dbd9 Support parsing OpenGL ES version strings
The renderers don't support OpenGL ES though.
2017-10-01 23:09:20 -05:00
Zack Middleton
c9d12aa3f3 Add common OpenGL version parsing + OpenGL 3 fixes
- Parse OpenGL version in sdl_glimp.c to share with both renderers.
- Add GL_VERSION_ATLEAST(major, minor) macro.
- Get address of glGetStringi if using OpenGL 3.
- Fix glConfig.extensions_string when using GL3 core context in
opengl2 renderer.
- Make opengl1 renderer's gfxinfo support qglGetStringi too.
2017-10-01 23:09:20 -05:00
Zack Middleton
20573bce43 Don't link to libGL at compile time
Get all OpenGL functions using SDL_GL_GetProcAddress(). This makes it
easier to cross-arch compile on Linux and add support for OpenGL ES
in the future.

Users still have to supply their own libSDL2 for cross-arch compiling
on Linux. But now the user does not have to re-install libgl1-mesa-dev
package for i386 or amd64 on Debian when switching between compiling
ioquake3 for x86 and x86_64.
2017-10-01 23:07:33 -05:00
Zack Middleton
51e9aa2df0 Fix hit accuracy stats for lightning gun and shotgun kills
If a lightning bolt killed a player or the first shotgun pellet that
hit a player killed them, the shot was not counted as accurate.

Check if shot player is alive for hit accuracy before dealing damage.
2017-09-29 18:54:57 -05:00
Zack Middleton
45de6be4c2 Fix listen server sending snapshots each client frame
Running a server using the client engine would send server snapshots
to loopback and LAN clients each client frame (com_maxfps).

This causes excessive network traffic and likely does not provide new
information to the clients because SV_Frame() won't have run between
the extra snapshots.

This commit restores the original behavior of respecting local/LAN
client's snaps userinfo and sv_fps. The issue was introduced by the
following commit:

    Commit ac30d86db0
    From: Thilo Schulz
    Date: Wed, 13 Jul 2011 17:11:30 +0000
    Subject: - Improve snapshot rate and data rate control

Reported by Eugene C.
2017-09-15 19:31:00 -05:00
Zack Middleton
11b3bca555 Update UI player animation handling to match CGame
Fix "Error parsing animation file" messages in UI. Caused by fixing the
handling of missing tokens in animation.cfg parser in a past commit.
Fix new Team Arena torso animation frame numbers in UI.
Add support for fixedtorso and fixedlegs keywords.
Add support for reversed animations (negative numframes).
2017-09-10 20:20:30 -05:00
Zack Middleton
098d97bdb0 Fix in_nograb not releasing the mouse cursor
Disable SDL relative mouse mode when in_nograb is enabled. Relative
mouse mode hides the cursor and it cannot exit the window regardless
of the window's grab state.

This wasn't always the case. SDL before 2.0.4 on GNU/Linux released
the mouse cursor in relative mode. However, SDL 2.0.3/4 on Windows
does not. (I did not test other Windows versions.) So I think SDL
2.0.4 made GNU/Linux X11 behavior consistent with other platforms.

This fixes mouse input being unusable when debuging client crashes
in gdb.
2017-09-10 19:11:36 -05:00
Zack Middleton
a48dcdf224 Fix crash when out of memory in Team Arena's String_Alloc 2017-09-10 19:11:35 -05:00
Zack Middleton
dcf5707493 Don't reload arenas.txt/*.arena files in Team Arena UI
Entering Team Arena's start server or in-game callvote menu causes
arenas to be reloaded. The existing memory is not freed so after
a entering the menus a few times the UI runs out of memory and
crashes.

Just load arenas once when the UI loads like in q3_ui.
2017-09-10 19:11:35 -05:00
Eugene Molotov
e0a367451f ignore window resize event on fullscreen 2017-09-10 14:31:51 +05:00
Zack Middleton
5f743bdb22 Disable DPI scaling on Windows
Windows DPI scaling prevents using full monitor resolution in
fullscreen mode.
2017-09-07 21:17:44 -05:00
Zack Middleton
aeaecb4ae5 Add Windows application manifest
- Use common controls 6 so error dialogs use correct visuals on
Windows XP or later!
- Specify running as invoker so Windows doesn't guess if it should
prompt for admin permission on Vista or later.
- Specify compatible with Vista through Windows 10. Tells Windows
not to emulate Vista behavior, not sure if it affects anything.

Makefile automatically runs windres when manifest changes.
2017-09-07 21:04:52 -05:00
Zack Middleton
6f0736ce9a Fix loading renderer DLLs on Windows x86
After 'Fix floating point precision loss in renderer', Windows x86
client won't load the renderer DLLs. The problem is a 64 bit modulus.
I couldn't find any reports of this online. However, client with
built-in renderer worked with the 64 bit modulus.

Only tested with mingw-w64.
2017-09-07 20:42:31 -05:00
Zack Middleton
c2ce1c2f51 Make client for Windows x86_64 use OpenAL64.dll by default
ioquake3.x86_64.exe can't load x86 OpenAL32.dll. Using separate
library names allows shipping OpenAL for both architectures.

Though since the dll name is saved in the config file, using both
clients on the same computer will cause one client arch to always
try to load the wrong OpenAL dll and then fallback to the correct
default OpenAL dll. I guess it could be fixed by using separate
cvar names for s_alDriver.
2017-09-04 20:34:55 -05:00
Zack Middleton
8192f66b39 Don't draw crosshair 0 in Team Arena setup menu
Don't draw crosshair 0 in Team Arena setup menu. It isn't drawn
in CGame. Wrap cg_drawCrosshair in missionpack menu like CGame
instead of treating as index 0 which is no longer drawn.
2017-09-02 18:19:08 -05:00
Zack Middleton
e152761c28 Fix team chat box for spectators
Make spectators use green background for team chat box when following
players. The team chat messages are from spectators not the team of
the followed player.

Make spectators draw team chat box even when not following a player.
2017-09-02 17:57:26 -05:00
Zack Middleton
5d88c6fdee Limit ui_smallFont/ui_bigFont/cg_noTaunt cvars to missionpack
ui_smallFont and ui_bigFont are for missionpack HUD font size
selection. cg_noTaunt disables missionpack taunt voice chats.
2017-09-02 17:40:16 -05:00
Zack Middleton
2c22ead078 Make map names in q3_ui map select menu be uppercase
Makes map names match on both pages of start server menu.
2017-09-02 17:35:19 -05:00
Zack Middleton
f4d68590c2 Fix going to previous browser source in q3_ui
It wasn't possible to go to previous source from favorites if
sv_master5 cvar wasn't set.
2017-09-02 17:31:04 -05:00
Zack Middleton
c3e64d3806 Make bots only use q3tourney6 crusher to kill their enemy
Only use the crusher for killing the bot's enemy. This doesn't
affect 1v1 very much but prevents the whole team of bots in CTF
from suddenly shooting at the crusher button. Entering the crusher
bounds was basically instant death.
2017-08-28 21:46:58 -05:00
Zack Middleton
ad1d0e616e Make bots use crusher on other q3tourney6 maps
Make bots activate crusher on q3tourney6_ctf and mpq3tourney6.

Check if player is inside the crush bounds instead of below the
crusher. There is a jumppad the goes under it in mpq3tourney6.
2017-08-28 21:46:57 -05:00
Zack Middleton
63e07afae9 Make input events use earliest possible time
SDL doesn't provide exact the exact time that input events happen
so use the earliest possible time that an event could happen.

This make sub-frame input actions such as walking take affect
immediately instead of in the next frame.

Based on patch by Alexander "wareya" Nadeau.
2017-08-21 22:43:33 -05:00
Zack Middleton
5993c63c4e Removing input functions from sys_local.h for last commit
It helps to actually save files before making commits.
2017-08-21 22:27:09 -05:00
Zack Middleton
ead54782d0 Improve client input responsiveness
Move sampling input to the other side of framerate limiter.

Thanks to Alexander "wareya" Nadeau and Juraj "youurayy" Vitko for
pointing this out.
2017-08-21 21:40:54 -05:00
Zack Middleton
34d0b78754 Improve keys using international key layouts
Always map number row to number keys for AZERTY.
Map Unicode character keys to world keys using scan code.

Based on patches by @mickael9.
2017-08-21 20:21:18 -05:00
Zack Middleton
be1c71d363 Combine mouse movement events in event queue
Fixes 'Com_QueueEvent: overflow' spam after hitch / map load.

Based on patch by @ec-.
2017-08-21 20:12:26 -05:00
Zack Middleton
e793c0c37c Fix crash when pmove_msec is 0
When pmove_fixed is set to 1, setting pmove_msec to 0 would crash.
2017-08-19 01:42:38 -05:00
Mickaël Thomas
bae86208f9 Only allow safe protocols for cURL downloads
A malicious server could abuse dangerous protocols such as gopher:// to,
for instance, send mail via SMTP.
2017-08-15 21:47:27 -05:00
Zack Middleton
9736e7ff91 Fix compiling Cmd_CallTeamVote_f 2017-08-09 19:19:59 -05:00
Zack Middleton
3f267728c3 Remove newlines from chat messages in Game VM
This has no affect due to ioquake3 engine already removing command
separators (which includes newlines) in Cmd_Args_Sanitize().
2017-08-09 18:41:26 -05:00
Zack Middleton
f0b74a27c9 Check for all command separators in callTeamVote
Make callTeamVote check for all command separators like in callVote.
It's not exploitable as the only vote option (leader) always uses an
integer argument.

Also the ioquake3 engine remove command separators from client game
commands in Cmd_Args_Sanitize().
2017-08-09 18:37:18 -05:00
Zack Middleton
0bce5463f7 Add spawnflags to QUAKED for trigger_multiple 2017-08-09 17:47:33 -05:00
SmileTheory
9d1c6748f5 OpenGL2: Force VAO usage on OpenGL 3.0+ 2017-08-08 20:20:11 -07:00
SmileTheory
3f415abe61 OpenGL2: Use extension functions with OpenGL versions before 3.0. 2017-08-07 18:00:00 -07:00
SmileTheory
2955f8dadb Reject OpenGL contexts w/ software renderer when core context requested. 2017-08-03 14:20:33 -07:00
Zack Middleton
59b1262b82 Fix floating point precision loss in renderer [part 2]
Fix floatTime using float precision instead of double using GCC.
Fix R_BindAnimatedImage to be in sync with function table.
Fix vertexDeform bulge, vertexDeform normals, noise wave function
at high level time.

Revert unnecessary float -> double conversions.
2017-08-03 00:14:22 -05:00
Zack Middleton
30fdd88c9f Fix floating point precision loss in renderer [part 1]
Patch for https://bugzilla.icculus.org/show_bug.cgi?id=5931 by
Eugene C. from 2013 plus recent fix for tcMod rotate.

I merged the changes into the OpenGL2 renderer though the fix for
tcMod turb doesn't translate.
2017-08-02 23:44:44 -05:00
Tobias Kuehnhammer
9c4c363ccc Fix friction in AAS_ClientMovementPrediction
Ground and water friction were reversed.
2017-08-02 15:05:46 -05:00
Zack Middleton
d2b1d124d4 Fix/improve buffer overflow in MSG_ReadBits/MSG_WriteBits
Prevent reading past end of message in MSG_ReadBits. If read past
end of msg->data buffer (16348 bytes) the engine could SEGFAULT.
Make MSG_WriteBits use an exact buffer overflow check instead of
possibly failing with a few bytes left.
2017-08-02 14:55:22 -05:00