Skip to content

Commit

Permalink
Fix buffer overflow, report and patch by Eugene C. (#4669)
Browse files Browse the repository at this point in the history
  • Loading branch information
Thilo Schulz committed Jul 2, 2010
1 parent 31b3acf commit 3ff2666
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions code/qcommon/msg.c
View file
Expand Up @@ -1043,6 +1043,10 @@ void MSG_ReadDeltaEntity( msg_t *msg, entityState_t *from, entityState_t *to,
numFields = sizeof(entityStateFields)/sizeof(entityStateFields[0]);
lc = MSG_ReadByte(msg);

if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid entityState field count" );
}

// shownet 2/3 will interleave with other printed info, -1 will
// just print the delta records`
if ( cl_shownet->integer >= 2 || cl_shownet->integer == -1 ) {
Expand Down Expand Up @@ -1376,6 +1380,10 @@ void MSG_ReadDeltaPlayerstate (msg_t *msg, playerState_t *from, playerState_t *t
numFields = sizeof( playerStateFields ) / sizeof( playerStateFields[0] );
lc = MSG_ReadByte(msg);

if ( lc > numFields || lc < 0 ) {
Com_Error( ERR_DROP, "invalid playerState field count" );
}

for ( i = 0, field = playerStateFields ; i < lc ; i++, field++ ) {
fromF = (int *)( (byte *)from + field->offset );
toF = (int *)( (byte *)to + field->offset );
Expand Down

0 comments on commit 3ff2666

Please sign in to comment.