vilyaem/Xrasher
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

engine: client: validate dem_usercmd size before reading it into the buffer

Browse source
This commit is contained in:
Alibek Omarov 2024-11-18 10:08:19 +03:00
parent ac6dc2c2d3
commit af332eb8ac
1 changed files with 27 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
engine/client/cl_demo.c
View file

@ -221,6 +221,25 @@ double CL_GetDemoFramerate( void )
return bound( MIN_FPS, demo.header.host_fps, MAX_FPS_HARD );
}
/*
=================
CL_DemoAborted
=================
*/
static void CL_DemoAborted( void )
{
if( cls.demofile )
FS_Close( cls.demofile );
cls.demoplayback = false;
cls.changedemo = false;
cls.timedemo = false;
demo.framecount = 0;
cls.demofile = NULL;
cls.demonum = -1;
Cvar_DirectSet( &v_dark, "0" );
}
/*
====================
CL_WriteDemoCmdHeader
@ -593,6 +612,14 @@ static void CL_ReadDemoUserCmd( qboolean discard )
FS_Read( cls.demofile, &outgoing_sequence, sizeof( int ));
FS_Read( cls.demofile, &cmdnumber, sizeof( int ));
FS_Read( cls.demofile, &bytes, sizeof( short ));
if( bytes >= sizeof( data ))
{
Con_Printf( S_ERROR "%s: too large dem_usercmd (size %u seq %i)\n", __func__, bytes, outgoing_sequence );
CL_DemoAborted();
return;
}
FS_Read( cls.demofile, data, bytes );
if( !discard )
@ -721,25 +748,6 @@ static void CL_DemoStartPlayback( int mode )
cl.last_command_ack = -1;
}
/*
=================
CL_DemoAborted
=================
*/
static void CL_DemoAborted( void )
{
if( cls.demofile )
FS_Close( cls.demofile );
cls.demoplayback = false;
cls.changedemo = false;
cls.timedemo = false;
demo.framecount = 0;
cls.demofile = NULL;
cls.demonum = -1;
Cvar_DirectSet( &v_dark, "0" );
}
/*
=================
CL_DemoCompleted