valve/source-sdk-2013
0
0
Fork 0
mirror of https://github.com/ValveSoftware/source-sdk-2013.git synced 2025-04-09 11:31:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

server: Ensure no buffer overflows when sscanf to char buffer

Browse source 
Closes #878
This commit is contained in:
Dmitry Tsarevich 2025-02-27 18:27:16 +03:00
parent aea94b32cb
commit a9a905e002
No known key found for this signature in database
GPG key ID: 43F9C46DD0E9FDB0
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/game/server/tf/tf_passtime_logic.cpp
View file

@ -1853,11 +1853,14 @@ bool CTFPasstimeLogic::ParseSetSection( const char *pStr, SetSectionParams &s )
{
char pszStartName[64];
char pszEndName[64];
const int iScanCount = sscanf( pStr, "%i %s %s", &s.num, pszStartName, pszEndName ); // WHAT YEAR IS IT
const int iScanCount = sscanf( pStr, "%i %63s %63s", &s.num, pszStartName, pszEndName ); // WHAT YEAR IS IT
if ( iScanCount != 3 )
{
return false;
}
pszStartName[ ARRAYSIZE(pszStartName) - 1 ] = '\0';
pszEndName[ ARRAYSIZE(pszEndName) - 1 ] = '\0';
s.pSectionStart = dynamic_cast<CPathTrack*>( gEntList.FindEntityByName( 0, pszStartName ) );
s.pSectionEnd = dynamic_cast<CPathTrack*>( gEntList.FindEntityByName( 0, pszEndName ) );

3
src/game/server/tf/tf_player.cpp
View file

@ -5979,8 +5979,9 @@ void CTFPlayer::HandleAnimEvent( animevent_t *pEvent )
char szAttrName[128];
float flVal;
float flDuration;
if ( sscanf( pEvent->options, "%s %f %f", szAttrName, &flVal, &flDuration ) == 3 )
if ( sscanf( pEvent->options, "%127s %f %f", szAttrName, &flVal, &flDuration ) == 3 )
{
szAttrName[ ARRAYSIZE(szAttrName) - 1 ] = '\0';
Assert( flDuration > 0.f );
AddCustomAttribute( szAttrName, flVal, flDuration );
}