[quake3-bugzilla] [Bug 5051] Q_strncpyz with destsize < 1 can happen in GraphicsOptions_GetAspectRatios of ui_video.c
bugzilla-daemon at icculus.org
bugzilla-daemon at icculus.org
Wed Jun 22 22:21:45 EDT 2011
https://bugzilla.icculus.org/show_bug.cgi?id=5051
--- Comment #4 from ensiform at gmail.com 2011-06-22 22:21:43 EDT ---
Created attachment 2794
--> https://bugzilla.icculus.org/attachment.cgi?id=2794
Fix for overflowing memory in GraphicsOptions_GetAspectRatios
This patch goes to my quake3++ friend/owner, Roughael.
Why code was broken/needed fixing:
"After the ratios had been calculated, some ratios would have been replaced
with known ratios.
this would modify the original ratioBuf value. So the next time
GraphicsOptions_GetAspectRatios was called and a ratio was calculated,
it would check if the ratio was already in the list, but it couldn't find it,
since it had been replaced by the known ratio.
When this happened a few times, it would overflow ratioBuf by going beyond
MAX_RESOLUTIONS, writing into other memory"
--
Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the quake3-bugzilla
mailing list