Fix lithium2 crashing at startup.

This is one these constructs which makes you wonder how it could ever
work. When querying a cvar by calling Cvar_Get(), the default value
(given in `var_value`) is copied into `cvar_t->default_string`. If a
NULL pointer is given in `var_value`, the NULL pointer is passed to
CopyString() and dereferenced. The game crashes. There's already a NULL
pointer check in the 'cvar wasn't found' branch, but none in the 'cvar
was found' branch... Moving the check to the beginning of the function
isn't an option, because at least lithium2 doesn't implement a NULL
pointer check either. We would just move the crash from the server into
the game.dll. Therefore copy an empty string into
cvar_t->default_string` when a NULL pointer was passed in `cvar_value`
and the cvar was found. Pass the empty string trough `CopyString()` to
get an Z_MAlloc() allocation for it, otherwise we would call `Z_Free()`
on an unallocated object further down below.

Reported by Chris Stewart.
This commit is contained in:
Yamagi 2020-07-11 09:32:11 +02:00
parent 2ab4e5553a
commit 9136c8705a

View file

@ -220,7 +220,16 @@ Cvar_Get(char *var_name, char *var_value, int flags)
if (var)
{
var->flags |= flags;
var->default_string = CopyString(var_value);
if (!var_value)
{
var->default_string = CopyString("");
}
else
{
var->default_string = CopyString(var_value);
}
return var;
}