Skip to content

Commit

Permalink
Fix out of bounds access in studiomodel renderer bone setup code
Browse files Browse the repository at this point in the history 
ValveSoftware/halflife#3360
  • Loading branch information
@SamVanheer
SamVanheer committed Aug 12, 2023
1 parent 9f5cd61 commit 68bb362
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 6 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
### Bug fixes

* Fixed hand grenade animations not playing correctly [#209](https://github.com/SamVanheer/halflife-updated/pull/209) (Thanks Toodles2You)
* Fixed out of bounds access in studiomodel renderer bone setup code (halflife issue [#3360](https://github.com/ValveSoftware/halflife/issues/3360))

## Changes in V1.0.0 Release Candidate 001

Expand Down
18 changes: 12 additions & 6 deletions cl_dll/StudioModelRenderer.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -940,11 +940,15 @@ void CStudioModelRenderer::StudioSetupBones()

for (i = 0; i < m_pStudioHeader->numbones; i++)
{
if (0 == strcmp(pbones[i].name, "Bip01 Spine"))
auto bone = &pbones[i];

if (0 == strcmp(bone->name, "Bip01 Spine"))
{
copy = false;
}
else if (0 == strcmp(pbones[pbones[i].parent].name, "Bip01 Pelvis"))
else if (bone->parent >= 0 &&
bone->parent < m_pStudioHeader->numbones &&
0 == strcmp(pbones[bone->parent].name, "Bip01 Pelvis"))
{
copy = true;
}
Expand All @@ -959,13 +963,15 @@ void CStudioModelRenderer::StudioSetupBones()

for (i = 0; i < m_pStudioHeader->numbones; i++)
{
const int parent = pbones[i].parent;

QuaternionMatrix(q[i], bonematrix);

bonematrix[0][3] = pos[i][0];
bonematrix[1][3] = pos[i][1];
bonematrix[2][3] = pos[i][2];

if (pbones[i].parent == -1)
if (parent == -1)
{
if (0 != IEngineStudio.IsHardware())
{
Expand All @@ -984,10 +990,10 @@ void CStudioModelRenderer::StudioSetupBones()
// Apply client-side effects to the transformation matrix
StudioFxTransform(m_pCurrentEntity, (*m_pbonetransform)[i]);
}
else
else if (parent >= 0 && parent < m_pStudioHeader->numbones)
{
ConcatTransforms((*m_pbonetransform)[pbones[i].parent], bonematrix, (*m_pbonetransform)[i]);
ConcatTransforms((*m_plighttransform)[pbones[i].parent], bonematrix, (*m_plighttransform)[i]);
ConcatTransforms((*m_pbonetransform)[parent], bonematrix, (*m_pbonetransform)[i]);
ConcatTransforms((*m_plighttransform)[parent], bonematrix, (*m_plighttransform)[i]);
}
}
}
Expand Down

0 comments on commit 68bb362

Please sign in to comment.