[quake3-bugzilla] [Bug 4798] New: Array overflow in CalculateRanks()
bugzilla-daemon at icculus.org
Sat Nov 20 13:49:52 EST 2010
http://bugzilla.icculus.org/show_bug.cgi?id=4798
Summary: Array overflow in CalculateRanks()
Product: ioquake3
Version: SVN HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Misc
AssignedTo: zakk at icculus.org
ReportedBy: mads.lind at gmail.com
QAContact: quake3-bugzilla at icculus.org
Hello there. I'm looking through your code, and I've spotted this weird thing:
In g_local.h, level_locals_t defines:

    int numteamVotingClients[2]; // set by CalculateRanks

It is used in g_main, CalculateRanks:

    ...
    for ( i = 0; i < TEAM_NUM_TEAMS; i++ ) {
        level.numteamVotingClients[i] = 0;
    }
    ...

team_t is defined like this:

    typedef enum {
        TEAM_FREE,
        TEAM_RED,
        TEAM_BLUE,
        TEAM_SPECTATOR,
        TEAM_NUM_TEAMS
    } team_t;

TEAM_NUM_TEAMS is 4, so the loop in CalculateRanks overflows.

Cheers,
Mads Lind
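
Added example, not part of the original report and not ioquake3 code: the mismatch described above, with the size of the out-of-bounds write computed rather than executed, next to a reset loop whose bound is taken from the array itself. mock_level_t, its neighbour field, ARRAY_LEN, the helper functions and the red/blue slot mapping are assumptions made for illustration; only team_t and numteamVotingClients[2] come from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* team_t exactly as quoted in the report. */
typedef enum { TEAM_FREE, TEAM_RED, TEAM_BLUE, TEAM_SPECTATOR, TEAM_NUM_TEAMS } team_t;

/* Hypothetical stand-in for level_locals_t: only numteamVotingClients[2] is
   from the report; 'neighbour' is constructed to represent adjacent fields. */
typedef struct {
    int numteamVotingClients[2];
    int neighbour[2];
} mock_level_t;

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))  /* local helper macro */

/* Bytes the reported loop writes past the array (computed, never executed). */
size_t overflow_bytes(void) {
    size_t slots = ARRAY_LEN(((mock_level_t *)0)->numteamVotingClients);
    size_t writes = (size_t)TEAM_NUM_TEAMS;
    return writes > slots ? (writes - slots) * sizeof(int) : 0;
}

/* Corrected reset: the bound comes from the array, not from the enum. */
void reset_team_votes(mock_level_t *lv) {
    for (size_t i = 0; i < ARRAY_LEN(lv->numteamVotingClients); i++)
        lv->numteamVotingClients[i] = 0;
}

/* Assumed mapping (not stated in the report): red -> 0, blue -> 1. */
int team_vote_slot(team_t team) {
    return team == TEAM_RED ? 0 : team == TEAM_BLUE ? 1 : -1;
}

/* Count one voting client; returns the new count, or -1 if no slot exists. */
int count_voting_client(mock_level_t *lv, team_t team) {
    int slot = team_vote_slot(team);
    if (slot < 0 || (size_t)slot >= ARRAY_LEN(lv->numteamVotingClients))
        return -1;
    return ++lv->numteamVotingClients[slot];
}

/* Returns 1 if the corrected reset leaves the adjacent field untouched. */
int neighbour_intact_after_reset(void) {
    mock_level_t lv;
    memset(&lv, 0x5A, sizeof lv);  /* constructed fill pattern */
    reset_team_votes(&lv);
    return lv.numteamVotingClients[0] == 0 && lv.numteamVotingClients[1] == 0 &&
           lv.neighbour[0] == 0x5A5A5A5A && lv.neighbour[1] == 0x5A5A5A5A;
}
```

With a 4-byte int, the loop bound in the report writes two ints (8 bytes) into whatever level_locals_t declares after the array.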