engine: fix possible buffer overflow in S_StreamGetCurrentState

2024-05-06 06:53:22 +03:00 · 2024-05-06 06:53:22 +03:00 · 5120657386
commit 5120657386
parent e754de46d1
5 changed files with 8 additions and 9 deletions
--- a/engine/client/s_stream.c
+++ b/engine/client/s_stream.c
@ -142,7 +142,7 @@ S_StreamGetCurrentState
 save\restore code
 =================
 */
-qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *position )
+qboolean S_StreamGetCurrentState( char *currentTrack, size_t currentTrackSize, char *loopTrack, size_t loopTrackSize, int *position )
 {
 	if( !s_bgTrack.stream )
 		return false; // not active
@ -150,15 +150,15 @@ qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *posi
 	if( currentTrack )
 	{
 		if( s_bgTrack.current[0] )
-			Q_strncpy( currentTrack, s_bgTrack.current, MAX_STRING );
+			Q_strncpy( currentTrack, s_bgTrack.current, currentTrackSize );
-		else Q_strncpy( currentTrack, "*", MAX_STRING ); // no track
+		else Q_strncpy( currentTrack, "*", currentTrackSize ); // no track
 	}
 	if( loopTrack )
 	{
 		if( s_bgTrack.loopName[0] )
-			Q_strncpy( loopTrack, s_bgTrack.loopName, MAX_STRING );
+			Q_strncpy( loopTrack, s_bgTrack.loopName, loopTrackSize );
-		else Q_strncpy( loopTrack, "*", MAX_STRING ); // no track
+		else Q_strncpy( loopTrack, "*", loopTrackSize ); // no track
 	}
 	if( position )
--- a/engine/client/sound.h
+++ b/engine/client/sound.h
@ -257,7 +257,6 @@ void SND_ForceCloseMouth( int entnum );
 //
 void S_StreamSoundTrack( void );
 void S_StreamBackgroundTrack( void );
 qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *position );
 void S_PrintBackgroundTrackState( void );
 void S_FadeMusicVolume( float fadePercent );
--- a/engine/common/common.h
+++ b/engine/common/common.h
@ -695,7 +695,7 @@ void Log_Printf( const char *fmt, ... ) _format( 1 );
 void SV_BroadcastCommand( const char *fmt, ... ) _format( 1 );
 void SV_BroadcastPrintf( struct sv_client_s *ignore, const char *fmt, ... ) _format( 2 );
 void CL_ClearStaticEntities( void );
-qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *position );
+qboolean S_StreamGetCurrentState( char *currentTrack, size_t currentTrackSize, char *loopTrack, size_t loopTrackSize, int *position );
 void CL_ServerCommand( qboolean reliable, const char *fmt, ... ) _format( 2 );
 void CL_HudMessage( const char *pMessage );
 const char *CL_MsgInfo( int cmd );
--- a/engine/server/sv_game.c
+++ b/engine/server/sv_game.c
@ -666,7 +666,7 @@ void SV_RestartAmbientSounds( void )
 #if !XASH_DEDICATED // TODO: ???
 	// restart soundtrack
-	if( S_StreamGetCurrentState( curtrack, looptrack, &position ))
+	if( S_StreamGetCurrentState( curtrack, sizeof( curtrack ), looptrack, sizeof( looptrack ), &position ))
 	{
 		SV_StartMusic( curtrack, looptrack, position );
 	}
--- a/engine/server/sv_save.c
+++ b/engine/server/sv_save.c
@ -1202,7 +1202,7 @@ static void SaveClientState( SAVERESTOREDATA *pSaveData, const char *level, int
 		header.soundCount = S_GetCurrentDynamicSounds( soundInfo, MAX_CHANNELS );
 #if !XASH_DEDICATED
 		// music not reqiured to save position: it's just continue playing on a next level
-		S_StreamGetCurrentState( header.introTrack, header.mainTrack, &header.trackPosition );
+		S_StreamGetCurrentState( header.introTrack, sizeof( header.introTrack ), header.mainTrack, sizeof( header.mainTrack ), &header.trackPosition );
 #endif
 	}