vilyaem/Xrasher
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

engine: client: fix possible svc_pings misparse by reading until null bit is encountered

Browse source
This commit is contained in:
Alibek Omarov 2024-12-15 18:22:40 +03:00
parent 3d30dc8d02
commit 48cc526c7e
1 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
engine/client/cl_parse.c
View file

@ -1593,17 +1593,23 @@ collect pings and packet lossage from clients
*/ */
void CL_UpdateUserPings( sizebuf_t *msg ) void CL_UpdateUserPings( sizebuf_t *msg )
{ {
int i, slot; // a1ba: there was a MAX_PLAYERS check but it doesn't make sense
player_info_t *player; // because pings message always ends by null bit
while( 1 )
for( i = 0; i < MAX_CLIENTS; i++ )
{ {
if( !MSG_ReadOneBit( msg )) break; // end of message int slot;
player_info_t *player;
if( !MSG_ReadOneBit( msg ))
break; // end of message
slot = MSG_ReadUBitLong( msg, MAX_CLIENT_BITS ); slot = MSG_ReadUBitLong( msg, MAX_CLIENT_BITS );
if( slot >= MAX_CLIENTS ) if( unlikely( slot >= MAX_CLIENTS ))
{
Host_Error( "%s: svc_pings > MAX_CLIENTS\n", __func__ ); Host_Error( "%s: svc_pings > MAX_CLIENTS\n", __func__ );
return;
}
player = &cl.players[slot]; player = &cl.players[slot];
player->ping = MSG_ReadUBitLong( msg, 12 ); player->ping = MSG_ReadUBitLong( msg, 12 );