From b1629fb7687e4be8875e5cc47a7005be3a5f9665 Mon Sep 17 00:00:00 2001 From: Yamagi Burmeister Date: Sat, 16 Feb 2019 08:57:44 +0100 Subject: [PATCH] Prevent buffer overflows console if vertical resolution > 2048. The stores it's text in the key_lines array which is NUM_KEY_LINES * MAXCMDLINE chars long. The code never checked for overflows, it just assumed that a line will never be longer then 256 chars * 8 = 2048 pixel. With modern displays we can have higher vertical resolutions, so the array will overflow sooner or later. Fix it by clamping the maximum line width to MAXCMDLINE - 2 chars (1 for the prompt and 1 for the terminating \0). While at it increase MAXCMDLINE to 1024 chars * 8 = 8192 pixel, which is more then 8k resolution and should be enough for the years to come. This is belived tot fix at least a part of issue #368. --- src/client/cl_console.c | 9 ++++++++- src/client/header/keyboard.h | 7 +++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/client/cl_console.c b/src/client/cl_console.c index 558ffbe5..4c597704 100644 --- a/src/client/cl_console.c +++ b/src/client/cl_console.c @@ -259,7 +259,14 @@ Con_CheckResize(void) char tbuf[CON_TEXTSIZE]; float scale = SCR_GetConsoleScale(); - width = ((int)(viddef.width / scale) >> 3) - 2; + /* We need to clamp the line width to MAXCMDLINE - 2, + otherwise we may overflow the text buffer if the + vertical resultion / 8 (one char == 8 pixels) is + bigger then MAXCMDLINE. + MAXCMDLINE - 2 because 1 for the prompt and 1 for + the terminating \0. */ + width = ((int)(viddef.width / scale) / 8) - 2; + width = width > MAXCMDLINE - 2 ? MAXCMDLINE - 2 : width; if (width == con.linewidth) { diff --git a/src/client/header/keyboard.h b/src/client/header/keyboard.h index 527522ce..68fa07ef 100644 --- a/src/client/header/keyboard.h +++ b/src/client/header/keyboard.h @@ -29,8 +29,11 @@ #include "../../common/header/shared.h" /* for qboolean etc */ -/* max length of a console command line */ -#define MAXCMDLINE 256 +/* Max length of a console command line. 1024 + * chars allow for a vertical resolution of + * 8192 pixel which should be enough for the + * years to come. */ +#define MAXCMDLINE 1024 /* number of console command lines saved in history, * must be a power of two, because we use & (NUM_KEY_LINES-1)