When a client connects to the server, the server sends the mapcycle to the client; this is done in the SV_SendServerinfo function. The problem is that the server can send a very large mapcycle list, whose length can be greater than or equal to 8192, which is the maximum size of the buffer returned by MSG_ReadString, called from CL_ParseServerInfo. The unread bytes will cause the client to crash.
One of the solutions that I see on the client side: since one of the images shows that the mapcycle is not used by the client, we can simply skip this data. Let's say we write a function like this and replace the MSG_ReadString call with it:
As a result, a mapcycle of any length will be successfully processed.
There is also a solution for the server side: after loading the mapcycle with the COM_LoadFileForMe function, we cut it at position 8190 by setting a zero byte there, so that the client can handle the mapcycle even if its size is too large.
I believe that it is desirable to implement both of the proposed solutions.
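An added illustration in C of both proposals (this is not the issue's or the engine's code): a client-side routine that consumes a string of any length without storing it, and a server-side clamp at position 8190. The `netmsg_t` buffer type, the function names and the demo data are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical minimal message buffer; the engine's real type is not used here. */
typedef struct {
    const uint8_t *data;
    size_t len;       /* bytes in the message */
    size_t readpos;   /* index of the next unread byte */
    int overflow;     /* set when a read runs off the end */
} netmsg_t;
#define MSG_STRING_MAX 8192   /* fixed string buffer size named in the report */

/* Client side: consume one NUL-terminated string without storing it, so its
 * length is irrelevant. Returns bytes consumed (terminator included), or -1
 * if the message ends before a terminator is found. */
long msg_skip_string(netmsg_t *msg)
{
    size_t start = msg->readpos;
    while (msg->readpos < msg->len) {
        if (msg->data[msg->readpos++] == '\0')
            return (long)(msg->readpos - start);
    }
    msg->overflow = 1;
    return -1;
}

/* Server side: cut the mapcycle text at position 8190 so that the string plus
 * terminator fits the client's 8192-byte buffer. Returns the new length. */
size_t clamp_mapcycle(char *text, size_t capacity)
{
    const char *end = memchr(text, '\0', capacity);
    size_t n = end ? (size_t)(end - text) : capacity;
    if (n > MSG_STRING_MAX - 2) {
        text[MSG_STRING_MAX - 2] = '\0';
        n = MSG_STRING_MAX - 2;
    }
    return n;
}

/* Constructed demo: a 9000-byte mapcycle followed by the next field "next".
 * Returns 1 if the skip leaves the cursor exactly on the next field. */
int demo_skip_oversized(void)
{
    static uint8_t buf[9000 + 1 + 5];
    memset(buf, 'a', 9000);
    buf[9000] = '\0';
    memcpy(buf + 9001, "next", 5);
    netmsg_t msg = { buf, sizeof buf, 0, 0 };
    if (msg_skip_string(&msg) != 9001) return 0;
    return strcmp((const char *)buf + msg.readpos, "next") == 0;
}
```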