Fix memory overwrite when client has too many maps. Thanks to beast f…

…or the reporting & the patch. http://bugzilla.icculus.org/process_bug.cgi
ioquake · Oct 6, 2009 · d53eeae · d53eeae
1 parent 549f23b
commit d53eeae
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 40 deletions.
diff --git a/code/q3_ui/ui_gameinfo.c b/code/q3_ui/ui_gameinfo.c
@@ -169,7 +169,7 @@ static void UI_LoadArenas( void ) {
 	int			numdirs;
 	vmCvar_t	arenasFile;
 	char		filename[128];
-	char		dirlist[1024];
+	char		dirlist[2048];
 	char*		dirptr;
 	int			i, n;
 	int			dirlen;
@@ -188,7 +188,7 @@ static void UI_LoadArenas( void ) {
 	}
 
 	// get all arenas from .arena files
-	numdirs = trap_FS_GetFileList("scripts", ".arena", dirlist, 1024 );
+	numdirs = trap_FS_GetFileList("scripts", ".arena", dirlist, 2048 );
 	dirptr  = dirlist;
 	for (i = 0; i < numdirs; i++, dirptr += dirlen+1) {
 		dirlen = strlen(dirptr);

diff --git a/code/q3_ui/ui_startserver.c b/code/q3_ui/ui_startserver.c
@@ -50,12 +50,8 @@ START SERVER MENU *****
 #define MAX_MAPROWS		2
 #define MAX_MAPCOLS		2
 #define MAX_MAPSPERPAGE	4
-
-#define	MAX_SERVERSTEXT	8192
-
-#define MAX_SERVERMAPS	64
+
 #define MAX_NAMELENGTH	16
-
 #define ID_GAMETYPE				10
 #define ID_PICTURES				11	// 12, 13, 14
 #define ID_PREVPAGE				15
@@ -87,8 +83,7 @@ typedef struct {
 	int				nummaps;
 	int				page;
 	int				maxpages;
-	char			maplist[MAX_SERVERMAPS][MAX_NAMELENGTH];
-	int				mapGamebits[MAX_SERVERMAPS];
+	int 			maplist[MAX_ARENAS];
 } startserver_t;
 
 static startserver_t s_startserver;
@@ -166,16 +161,22 @@ StartServer_Update
 static void StartServer_Update( void ) {
 	int				i;
 	int				top;
-	static	char	picname[MAX_MAPSPERPAGE][64];
+	static	char	picname[MAX_MAPSPERPAGE][64];
+	const char		*info;
+	char			mapname[MAX_NAMELENGTH];
 
 	top = s_startserver.page*MAX_MAPSPERPAGE;
 
 	for (i=0; i<MAX_MAPSPERPAGE; i++)
 	{
 		if (top+i >= s_startserver.nummaps)
-			break;
-
-		Com_sprintf( picname[i], sizeof(picname[i]), "levelshots/%s", s_startserver.maplist[top+i] );
+			break;
+
+		info = UI_GetArenaInfoByNumber( s_startserver.maplist[ top + i ]);
+		Q_strncpyz( mapname, Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
+		Q_strupr( mapname );
+
+		Com_sprintf( picname[i], sizeof(picname[i]), "levelshots/%s", mapname );
 
 		s_startserver.mappics[i].generic.flags &= ~QMF_HIGHLIGHT;
 		s_startserver.mappics[i].generic.name   = picname[i];
@@ -216,7 +217,8 @@ static void StartServer_Update( void ) {
 		}
 
 		// set the map name
-		strcpy( s_startserver.mapname.string, s_startserver.maplist[s_startserver.currentmap] );
+		info = UI_GetArenaInfoByNumber( s_startserver.maplist[ s_startserver.currentmap ]);
+		Q_strncpyz( s_startserver.mapname.string, Info_ValueForKey( info, "map" ), MAX_NAMELENGTH);
 	}
 
 	Q_strupr( s_startserver.mapname.string );
@@ -249,7 +251,7 @@ static void StartServer_GametypeEvent( void* ptr, int event ) {
 	int			gamebits;
 	int			matchbits;
 	const char	*info;
-
+
 	if( event != QM_ACTIVATED) {
 		return;
 	}
@@ -259,18 +261,16 @@ static void StartServer_GametypeEvent( void* ptr, int event ) {
 	matchbits = 1 << gametype_remap[s_startserver.gametype.curvalue];
 	if( gametype_remap[s_startserver.gametype.curvalue] == GT_FFA ) {
 		matchbits |= ( 1 << GT_SINGLE_PLAYER );
-	}
+	}
 	for( i = 0; i < count; i++ ) {
-		info = UI_GetArenaInfoByNumber( i );
-
+		info = UI_GetArenaInfoByNumber( i );
+	
 		gamebits = GametypeBits( Info_ValueForKey( info, "type") );
 		if( !( gamebits & matchbits ) ) {
 			continue;
 		}
-
-		Q_strncpyz( s_startserver.maplist[s_startserver.nummaps], Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
-		Q_strupr( s_startserver.maplist[s_startserver.nummaps] );
-		s_startserver.mapGamebits[s_startserver.nummaps] = gamebits;
+
+		s_startserver.maplist[ s_startserver.nummaps ] = i;
 		s_startserver.nummaps++;
 	}
 	s_startserver.maxpages = (s_startserver.nummaps + MAX_MAPSPERPAGE-1)/MAX_MAPSPERPAGE;
@@ -330,6 +330,7 @@ static void StartServer_LevelshotDraw( void *self ) {
 	int				w;
 	int				h;
 	int				n;
+	const char		*info;
 
 	b = (menubitmap_s *)self;
 
@@ -363,7 +364,9 @@ static void StartServer_LevelshotDraw( void *self ) {
 	x += b->width / 2;
 	y += 4;
 	n = s_startserver.page * MAX_MAPSPERPAGE + b->generic.id - ID_PICTURES;
-	UI_DrawString( x, y, s_startserver.maplist[n], UI_CENTER|UI_SMALLFONT, color_orange );
+
+	info = UI_GetArenaInfoByNumber( s_startserver.maplist[ n ]);
+	UI_DrawString( x, y, Info_ValueForKey( info, "map" ), UI_CENTER|UI_SMALLFONT, color_orange );
 
 	x = b->generic.x;
 	y = b->generic.y;
@@ -556,6 +559,7 @@ void StartServer_Cache( void )
 	const char		*info;
 	qboolean		precache;
 	char			picname[64];
+	char			mapname[ MAX_NAMELENGTH ];
 
 	trap_R_RegisterShaderNoMip( GAMESERVER_BACK0 );	
 	trap_R_RegisterShaderNoMip( GAMESERVER_BACK1 );	
@@ -572,22 +576,16 @@ void StartServer_Cache( void )
 
 	precache = trap_Cvar_VariableValue("com_buildscript");
 
-	s_startserver.nummaps = UI_GetNumArenas();
-
-	for( i = 0; i < s_startserver.nummaps; i++ ) {
-		info = UI_GetArenaInfoByNumber( i );
-
-		Q_strncpyz( s_startserver.maplist[i], Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
-		Q_strupr( s_startserver.maplist[i] );
-		s_startserver.mapGamebits[i] = GametypeBits( Info_ValueForKey( info, "type") );
-
-		if( precache ) {
-			Com_sprintf( picname, sizeof(picname), "levelshots/%s", s_startserver.maplist[i] );
+	if( precache ) {
+		for( i = 0; i < UI_GetNumArenas(); i++ ) {
+			info = UI_GetArenaInfoByNumber( i );
+			Q_strncpyz( mapname, Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
+			Q_strupr( mapname );
+
+			Com_sprintf( picname, sizeof(picname), "levelshots/%s", mapname );
 			trap_R_RegisterShaderNoMip(picname);
 		}
 	}
-
-	s_startserver.maxpages = (s_startserver.nummaps + MAX_MAPSPERPAGE-1)/MAX_MAPSPERPAGE;
 }
 
 
@@ -732,7 +730,7 @@ static void ServerOptions_Start( void ) {
 	int		skill;
 	int		n;
 	char	buf[64];
-
+	const char *info;
 
 	timelimit	 = atoi( s_serveroptions.timelimit.field.buffer );
 	fraglimit	 = atoi( s_serveroptions.fraglimit.field.buffer );
@@ -790,7 +788,8 @@ static void ServerOptions_Start( void ) {
 	trap_Cvar_SetValue( "sv_punkbuster", s_serveroptions.punkbuster.curvalue );
 
 	// the wait commands will allow the dedicated to take effect
-	trap_Cmd_ExecuteText( EXEC_APPEND, va( "wait ; wait ; map %s\n", s_startserver.maplist[s_startserver.currentmap] ) );
+	info = UI_GetArenaInfoByNumber( s_startserver.maplist[ s_startserver.currentmap ]);
+	trap_Cmd_ExecuteText( EXEC_APPEND, va( "wait ; wait ; map %s\n", Info_ValueForKey( info, "map" )));
 
 	// add bots
 	trap_Cmd_ExecuteText( EXEC_APPEND, "wait 3\n" );
@@ -1128,7 +1127,9 @@ ServerOptions_SetMenuItems
 =================
 */
 static void ServerOptions_SetMenuItems( void ) {
-	static char picname[64];
+	static char picname[64];
+	char		mapname[MAX_NAMELENGTH];
+	const char	*info;
 
 	switch( s_serveroptions.gametype ) {
 	case GT_FFA:
@@ -1159,7 +1160,10 @@ static void ServerOptions_SetMenuItems( void ) {
 	s_serveroptions.pure.curvalue = Com_Clamp( 0, 1, trap_Cvar_VariableValue( "sv_pure" ) );
 
 	// set the map pic
-	Com_sprintf( picname, 64, "levelshots/%s", s_startserver.maplist[s_startserver.currentmap] );
+	info = UI_GetArenaInfoByNumber( s_startserver.maplist[ s_startserver.currentmap ]);
+	Q_strncpyz( mapname, Info_ValueForKey( info, "map"), MAX_NAMELENGTH );
+	Q_strupr( mapname );
+	Com_sprintf( picname, 64, "levelshots/%s", mapname );
 	s_serveroptions.mappic.generic.name = picname;
 
 	// set the map name