md5.c is not 64 bit-safe.

Thilo Schulz arny at ats.s.bawue.de
Wed Apr 26 09:45:16 EDT 2006


Hello,

I have commented out:

Cvar_Get("cl_guid", Com_MD5File(QKEY_FILE, 0), CVAR_USERINFO | CVAR_ROM);

in cl_main.c because the MD5 hash generation functions are *not* 64 bit safe 
and crash amd64 builds.
The crux seems to be at line 272 in md5.c:

    /* Append length in bits and transform */
    ((unsigned long int *) ctx->in)[14] = ctx->bits[0];
    ((unsigned long int *) ctx->in)[15] = ctx->bits[1];

In GCC sizeof(long int) is 8 bytes on 64 bit platforms but only 4 bytes on 32 
bit platforms.

This means because of
        unsigned char in[64];
the program writes somewhere it shouldn't.

-- 
Thilo Schulz
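
The offsets behind the out-of-bounds write described in this message, next to one width-independent way to store the length, as an added example that is not part of the original post or the project's code. The names `md5_ctx_sketch`, `store_end`, `append_length` and `append_length_ok` are hypothetical, and `bits` is assumed to hold two 32-bit words.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MD5_BLOCK 64            /* `unsigned char in[64]` from the post */

/* Hypothetical stand-in for the MD5 context; assumes 32-bit `bits` words. */
struct md5_ctx_sketch {
    uint32_t bits[2];
    unsigned char in[MD5_BLOCK];
};

/* Byte offset one past the end of the store `((T *)in)[index] = x`
 * for a type T that is word_size bytes wide. */
static size_t store_end(size_t word_size, size_t index)
{
    return (index + 1) * word_size;
}

/* Width-independent form: copy exactly 4 bytes per word to slots 14 and 15
 * of the block seen as 32-bit words, the layout the 32-bit build produced. */
static void append_length(struct md5_ctx_sketch *ctx)
{
    memcpy(ctx->in + 14 * sizeof(uint32_t), &ctx->bits[0], sizeof(uint32_t));
    memcpy(ctx->in + 15 * sizeof(uint32_t), &ctx->bits[1], sizeof(uint32_t));
}

/* Returns 1 if the length lands in in[56..63] and in[0..55] is untouched. */
static int append_length_ok(uint32_t lo, uint32_t hi)
{
    struct md5_ctx_sketch ctx;
    uint32_t w[2];
    size_t i;
    memset(&ctx, 0xAA, sizeof ctx);
    ctx.bits[0] = lo;
    ctx.bits[1] = hi;
    append_length(&ctx);
    memcpy(w, ctx.in + 56, sizeof w);
    for (i = 0; i < 56; i++)
        if (ctx.in[i] != 0xAA)
            return 0;
    return w[0] == lo && w[1] == hi;
}

int main(void)
{
    printf("4-byte long: [14] ends at %zu, [15] at %zu\n", store_end(4, 14), store_end(4, 15));
    printf("8-byte long: [14] ends at %zu, [15] at %zu\n", store_end(8, 14), store_end(8, 15));
    printf("fixed-width store ok: %d\n", append_length_ok(0x12345678u, 0x9abcdef0u));
    return 0;
}
```

With an 8-byte `long`, both stores end past byte 64, so neither touches the intended length field and both land outside `in`.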