yquake2/yquake2remaster
0
0
Fork 0
mirror of https://github.com/yquake2/yquake2remaster.git synced 2024-11-22 20:51:31 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix Com_VPrintf() for messages longer then 4096 chars.

Browse source 
At least with MinGW on Windows vsnprintf() treats buffer < size as an
error, returning -1 instead of the number of characters that would have
been printed without size restrictions. Therefor msgLen may be wrong,
leading to all kind of funny mistakes further down below... Buffer
overflow included. Work around this by handling the msgLen < 0 case and
adding an explicit terminating \0.

This is another case of "I wonder why nobody has never noticed this",
the GL1 renderers extension string triggered the buffer overflow each
time the game started.
This commit is contained in:
Yamagi Burmeister 2019-04-28 13:48:45 +02:00
parent 193a5b7a5c
commit 2c11d02b80
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/common/clientserver.c
View file

@ -82,8 +82,13 @@ Com_VPrintf(int print_level, const char *fmt, va_list argptr)
{
int i;
char msg[MAXPRINTMSG];
int msgLen = vsnprintf(msg, MAXPRINTMSG, fmt, argptr);
if(msgLen >= MAXPRINTMSG) msgLen = MAXPRINTMSG-1;
if (msgLen >= MAXPRINTMSG || msgLen < 0) {
msgLen = MAXPRINTMSG-1;
msg[msgLen] = '\0';
}
if (rd_target)
{
if ((msgLen + strlen(rd_buffer)) > (rd_buffersize - 1))