ioquake / ioq3

The ioquake3 community effort to continue supporting/developing id's Quake III Arena
https://ioquake3.org/
GNU General Public License v2.0

QVM out-of-bounds memory access #358

Open zturtleman opened 6 years ago

zturtleman commented 6 years ago

The system call handlers don't validate the memory addresses / lengths passed to memset, memcpy, and many other system calls. Reported by @mickael9 and also recently fixed in a quake3e commit.

ec- commented 6 years ago

In addition, fixed regressions: https://github.com/ec-/Quake3e/commit/ee4bcd384746f9de3aaaaec5d1486f5af80ce293 https://github.com/ec-/Quake3e/commit/478ed825abef9facd5ccd1cb273af58c0afbd6a1#diff-9147c4ccf1f146b951895df52798cc02R396

aufau commented 6 years ago

For reference, this is how I implemented the same idea in JK2MV:

https://github.com/mvdevs/jk2mv/blob/master/src/qcommon/qcommon.h#L359-L372 https://github.com/mvdevs/jk2mv/blob/master/src/qcommon/vm.cpp#L850-L991 https://github.com/mvdevs/jk2mv/blob/master/src/server/sv_game.cpp#L343-L1088

Probably not all of these helper functions would be needed in ioq3. On first sight the main difference seems to be that it also sanitizes reads.

I can port it to ioq3 if you're interested, but it would be nice to get an extra review before doing so (it has been out in jk2mv since June last year and no reports so far).
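An added illustration (not ioq3's, quake3e's or JK2MV's code) of the check the comments above describe: every VM-supplied offset/length pair is validated against the VM's data segment before the host memset/memcpy runs, and the source range of a copy is validated too, matching the point about sanitizing reads. The 64 KiB segment size, the function names and the return-code convention are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical VM data segment (assumption: 64 KiB). In the real engine the
 * size comes from the loaded .qvm; the check below only needs the size. */
#define VM_DATA_SIZE 0x10000u
static unsigned char vm_data[VM_DATA_SIZE];

/* 1 if [addr, addr+len) lies entirely inside the VM data segment.
 * The sum is computed in 64 bits so a VM-chosen len that wraps a
 * 32-bit addr+len cannot slip past the comparison. */
int vm_range_ok(uint32_t addr, uint32_t len)
{
    return (uint64_t)addr + (uint64_t)len <= VM_DATA_SIZE;
}

/* Checked memset handler: the VM passes an offset and a length, both
 * untrusted. Returns 0 and touches nothing if the range is invalid. */
int vm_syscall_memset(uint32_t dst, int c, uint32_t len)
{
    if (!vm_range_ok(dst, len))
        return 0;
    memset(vm_data + dst, c, len);
    return 1;
}

/* Checked memcpy handler: the source range is validated as well, since an
 * unchecked read lets the VM observe host memory outside its segment. */
int vm_syscall_memcpy(uint32_t dst, uint32_t src, uint32_t len)
{
    if (!vm_range_ok(dst, len) || !vm_range_ok(src, len))
        return 0;
    memmove(vm_data + dst, vm_data + src, len); /* ranges may overlap */
    return 1;
}

/* Read one byte of VM memory (helper for inspecting results). */
unsigned char vm_peek(uint32_t addr)
{
    return vm_range_ok(addr, 1) ? vm_data[addr] : 0;
}
```

In the engine the rejection branch would raise a fatal VM error rather than return 0; the return code here just makes the outcome observable.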

zturtleman commented 4 years ago

This is being worked on in #441.