[quake3-commits] r1788 - trunk/code/qcommon
DONOTREPLY at icculus.org
DONOTREPLY at icculus.org
Fri Jul 2 16:21:20 EDT 2010
Author: thilo
Date: 2010-07-02 16:21:20 -0400 (Fri, 02 Jul 2010)
New Revision: 1788
Modified:
trunk/code/qcommon/msg.c
Log:
Fix buffer overflow, report and patch by Eugene C. (#4669)
Modified: trunk/code/qcommon/msg.c
===================================================================
--- trunk/code/qcommon/msg.c 2010-06-21 20:20:04 UTC (rev 1787)
+++ trunk/code/qcommon/msg.c 2010-07-02 20:21:20 UTC (rev 1788)
@@ -1043,6 +1043,10 @@
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
lc = MSG_ReadByte(msg);
+ if ( lc > numFields || lc < 0 ) {
+ Com_Error( ERR_DROP, "invalid entityState field count" );
+ }
+
// shownet 2/3 will interleave with other printed info, -1 will
// just print the delta records`
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
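Review bot: The new guard `if ( lc > numFields || lc < 0 )` drops with a fixed string and does not log the count that was read, so a malformed or hostile message cannot be told apart from a protocol mismatch; the playerState guard in the second hunk has the same gap. Com_Error takes a printf-style format, so assuming `lc` and `numFields` are both int, the call could be `Com_Error( ERR_DROP, "invalid entityState field count %i (max %i)", lc, numFields );`, with the matching change for playerState. A short comment above each check would also help, for example `// lc is read from the message and bounds the walk over the field table; lc == numFields is valid`, since the second hunk shows `lc` used directly as the loop limit over `playerStateFields`. Both enclosing functions start and end outside the hunks, so how `lc` is used in the entityState path is not visible here.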
@@ -1376,6 +1380,10 @@
numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] );
lc = MSG_ReadByte(msg);
+ if ( lc > numFields || lc < 0 ) {
+ Com_Error( ERR_DROP, "invalid playerState field count" );
+ }
+
for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) {
fromF = (int *)( (byte *)from + field->offset );
toF = (int *)( (byte *)to + field->offset );