Fix load mguhub

Need dynamic allocation and additional checks for array sizes,
looks like overflow in mgu4m3, mgu5m2.
Denis Pauk 2023-10-04 00:24:12 +03:00
parent c3cd2d5aeb
commit f2393a2e34
10 changed files with 31 additions and 26 deletions


@ -119,7 +119,7 @@ Map state:
| maps/mgu1trial.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu1trial.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu2m1.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu2m1.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu2m2.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu2m2.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu2m3.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu2m3.bsp | B | N/A | N/A | ML | N/A |
| maps/mgu3m1.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu3m1.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu3m2.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu3m2.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu3m3.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu3m3.bsp | N/A | N/A | N/A | N/A | N/A |
@ -127,10 +127,10 @@ Map state:
| maps/mgu3secret.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu3secret.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu4m1.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu4m1.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu4m2.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu4m2.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu4m3.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu4m3.bsp | B | N/A | N/A | B | N/A |
| maps/mgu4trial.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu4trial.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu5m1.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu5m1.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu5m2.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu5m2.bsp | B | N/A | N/A | B | N/A |
| maps/mgu5m3.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu5m3.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu5trial.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu5trial.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu6m1.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu6m1.bsp | N/A | N/A | N/A | N/A | N/A |
@ -138,7 +138,7 @@ Map state:
| maps/mgu6m3.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu6m3.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mgu6trial.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mgu6trial.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mguboss.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mguboss.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mguhub.bsp | G | G | B | G | G | | maps/mguhub.bsp | ML | G | B | ML | ML |
| maps/mine1.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mine1.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mine2.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mine2.bsp | N/A | N/A | N/A | N/A | N/A |
| maps/mine3.bsp | N/A | N/A | N/A | N/A | N/A | | maps/mine3.bsp | N/A | N/A | N/A | N/A | N/A |


@ -1488,7 +1488,7 @@ Mod_LoadNodes(const char *name, cplane_t *planes, int numplanes, mleaf_t *leafs,
Mod_SetParent(*nodes, NULL); /* sets nodes and leafs */ Mod_SetParent(*nodes, NULL); /* sets nodes and leafs */
numvisleafs = 0; numvisleafs = 0;
Mod_NumberLeafs (leafs, *nodes, r_leaftovis, r_vistoleaf, &numvisleafs); Mod_NumberLeafs(leafs, *nodes, r_leaftovis, r_vistoleaf, &numvisleafs);
} }
/* /*
@ -1575,7 +1575,7 @@ Mod_LoadQNodes(const char *name, cplane_t *planes, int numplanes, mleaf_t *leafs
Mod_SetParent(*nodes, NULL); /* sets nodes and leafs */ Mod_SetParent(*nodes, NULL); /* sets nodes and leafs */
numvisleafs = 0; numvisleafs = 0;
Mod_NumberLeafs (leafs, *nodes, r_leaftovis, r_vistoleaf, &numvisleafs); Mod_NumberLeafs(leafs, *nodes, r_leaftovis, r_vistoleaf, &numvisleafs);
} }
/* /*


@ -791,8 +791,8 @@ Mod_LoadQLeafs(model_t *loadmodel, const byte *mod_base, const lump_t *l)
out->area = LittleLong(in->area); out->area = LittleLong(in->area);
// make unsigned long from signed short // make unsigned long from signed short
firstleafface = LittleLong(in->firstleafface) & 0xFFFF; firstleafface = LittleLong(in->firstleafface) & 0xFFFFFFFF;
out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFF; out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFFFFFF;
out->firstmarksurface = loadmodel->marksurfaces + firstleafface; out->firstmarksurface = loadmodel->marksurfaces + firstleafface;
if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces) if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces)
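Review bot: The range check on the last visible line of this Mod_LoadQLeafs hunk can be defeated by wraparound now that `firstleafface` and `out->nummarksurfaces` carry full 32-bit values from the map file, since a large pair can sum past the type's range and compare as small (the types are declared outside the hunk, so this is inferred). Comparing without the addition avoids that, e.g. `if (firstleafface > loadmodel->nummarksurfaces || out->nummarksurfaces > loadmodel->nummarksurfaces - firstleafface)`, and a negative count should be rejected too if these fields are signed. The comment above still says `signed short`, and `& 0xFFFFFFFF` is a no-op on a 32-bit value, so both assignments would read better as plain `LittleLong(...)` with an updated comment. The same applies to the three other Mod_LoadQLeafs sections on this page; the function body continues outside the hunk.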


@ -67,7 +67,7 @@
#define REF_VERSION "Yamagi Quake II OpenGL Refresher" #define REF_VERSION "Yamagi Quake II OpenGL Refresher"
#define BACKFACE_EPSILON 0.01 #define BACKFACE_EPSILON 0.01
#define LIGHTMAP_BYTES 4 #define LIGHTMAP_BYTES 4
#define MAX_LIGHTMAPS 128 #define MAX_LIGHTMAPS 256
#define GL_LIGHTMAP_FORMAT GL_RGBA #define GL_LIGHTMAP_FORMAT GL_RGBA
/* up / down */ /* up / down */


@ -716,8 +716,8 @@ Mod_LoadQLeafs(gl3model_t *loadmodel, const byte *mod_base, const lump_t *l)
out->area = LittleLong(in->area); out->area = LittleLong(in->area);
// make unsigned long from signed short // make unsigned long from signed short
firstleafface = LittleLong(in->firstleafface) & 0xFFFF; firstleafface = LittleLong(in->firstleafface) & 0xFFFFFFFF;
out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFF; out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFFFFFF;
out->firstmarksurface = loadmodel->marksurfaces + firstleafface; out->firstmarksurface = loadmodel->marksurfaces + firstleafface;
if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces) if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces)


@ -579,8 +579,8 @@ Mod_LoadQLeafs(model_t *loadmodel, const byte *mod_base, const lump_t *l)
out->area = LittleLong(in->area); out->area = LittleLong(in->area);
// make unsigned long from signed short // make unsigned long from signed short
firstleafface = LittleLong(in->firstleafface) & 0xFFFF; firstleafface = LittleLong(in->firstleafface) & 0xFFFFFFFF;
out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFF; out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFFFFFF;
out->firstmarksurface = loadmodel->marksurfaces + firstleafface; out->firstmarksurface = loadmodel->marksurfaces + firstleafface;
if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces) if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces)


@ -295,7 +295,7 @@ typedef struct
uint32_t triangle_index_count; uint32_t triangle_index_count;
} vkconfig_t; } vkconfig_t;
#define MAX_LIGHTMAPS 128 #define MAX_LIGHTMAPS 256
#define DYNLIGHTMAP_OFFSET MAX_LIGHTMAPS #define DYNLIGHTMAP_OFFSET MAX_LIGHTMAPS
typedef struct typedef struct


@ -761,8 +761,8 @@ Mod_LoadQLeafs(model_t *loadmodel, const byte *mod_base, const lump_t *l)
out->area = LittleLong(in->area); out->area = LittleLong(in->area);
// make unsigned long from signed short // make unsigned long from signed short
firstleafface = LittleLong(in->firstleafface) & 0xFFFF; firstleafface = LittleLong(in->firstleafface) & 0xFFFFFFFF;
out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFF; out->nummarksurfaces = LittleLong(in->numleaffaces) & 0xFFFFFFFF;
out->firstmarksurface = loadmodel->marksurfaces + firstleafface; out->firstmarksurface = loadmodel->marksurfaces + firstleafface;
if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces) if ((firstleafface + out->nummarksurfaces) > loadmodel->nummarksurfaces)


@ -812,6 +812,11 @@ CM_TraceToLeaf(int leafnum)
/* trace line against all brushes in the leaf */ /* trace line against all brushes in the leaf */
for (k = 0; k < leaf->numleafbrushes; k++) for (k = 0; k < leaf->numleafbrushes; k++)
{ {
if (leaf->firstleafbrush + k > MAX_MAP_LEAFBRUSHES)
{
Com_Error(ERR_FATAL, "%s: broken leaf!\n", __func__);
}
brushnum = map_leafbrushes[leaf->firstleafbrush + k]; brushnum = map_leafbrushes[leaf->firstleafbrush + k];
b = &map_brushes[brushnum]; b = &map_brushes[brushnum];
@ -1484,8 +1489,8 @@ CMod_LoadQLeafs(lump_t *l)
out->contents = LittleLong(in->contents); out->contents = LittleLong(in->contents);
out->cluster = LittleLong(in->cluster); out->cluster = LittleLong(in->cluster);
out->area = LittleLong(in->area); out->area = LittleLong(in->area);
out->firstleafbrush = LittleFloat(in->firstleafbrush); out->firstleafbrush = LittleLong(in->firstleafbrush);
out->numleafbrushes = LittleFloat(in->numleafbrushes); out->numleafbrushes = LittleLong(in->numleafbrushes);
if (out->cluster >= numclusters) if (out->cluster >= numclusters)
{ {
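Review bot: The new guard in the CM_TraceToLeaf loop uses `>`, so an index equal to MAX_MAP_LEAFBRUSHES still reaches `map_leafbrushes[...]`; if that array has MAX_MAP_LEAFBRUSHES entries (its declaration is outside the hunk) the test should be `if (leaf->firstleafbrush + k >= MAX_MAP_LEAFBRUSHES)`. A negative `firstleafbrush` from the map file would also pass if the field is signed, and on the following line `brushnum` indexes `map_brushes` without any check. Validating `firstleafbrush + numleafbrushes` against the loaded leaf-brush count once in CMod_LoadQLeafs, next to the existing cluster check, would reject a broken leaf at load time rather than inside the trace loop. Both functions continue outside their hunks.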


@ -361,7 +361,7 @@ typedef struct {
#define MAX_MAP_BRUSHES 16384 #define MAX_MAP_BRUSHES 16384
#define MAX_MAP_ENTITIES 2048 #define MAX_MAP_ENTITIES 2048
#define MAX_MAP_ENTSTRING 0x40000 #define MAX_MAP_ENTSTRING 0x40000
#define MAX_MAP_TEXINFO 32768 #define MAX_MAP_TEXINFO 65536
#define MAX_MAP_AREAS 256 #define MAX_MAP_AREAS 256
#define MAX_MAP_AREAPORTALS 1024 #define MAX_MAP_AREAPORTALS 1024
@ -372,12 +372,12 @@ typedef struct {
#define MAX_MAP_VERTS 65536 #define MAX_MAP_VERTS 65536
#define MAX_MAP_FACES 65536 #define MAX_MAP_FACES 65536
#define MAX_MAP_LEAFFACES 65536 #define MAX_MAP_LEAFFACES 65536
#define MAX_MAP_LEAFBRUSHES 65536 #define MAX_MAP_LEAFBRUSHES 131072
#define MAX_MAP_PORTALS 65536 #define MAX_MAP_PORTALS 65536
#define MAX_MAP_EDGES 128000 #define MAX_MAP_EDGES 128000
#define MAX_MAP_SURFEDGES 256000 #define MAX_MAP_SURFEDGES 256000
#define MAX_MAP_LIGHTING 0x200000 #define MAX_MAP_LIGHTING 0x200000
#define MAX_MAP_VISIBILITY 0x200000 #define MAX_MAP_VISIBILITY 0x400000
/* key / value pair sizes */ /* key / value pair sizes */