search

sezero / quakespasm

QuakeSpasm -- A modern, cross-platform Quake game engine based on FitzQuake.
https://sourceforge.net/projects/quakespasm/
GNU General Public License v2.0
227 stars 96 forks source link

Fix buffer overflow in progs global string functions #91

Closed alexey-lysiuk closed 8 months ago

alexey-lysiuk commented 8 months ago

Using v1.06 progs.dat, the following code causes buffer overflow as string value it references is long enough to fill entire line variable

PR_PrintStatement(&pr_statements[5821]);
sezero commented 8 months ago

Thanks. Can you make lastchari static const, instead? E.g. like:

    static char line[512];
+   static const int lastchari = Q_COUNTOF(line) - 2;
    const char  *s;
sezero commented 8 months ago

Thanks, this is in. (Applied a tiny reorganization as a follow-up as b3b4203735d8622719e4d322de8da0d2b6c982c7)

alexey-lysiuk commented 8 months ago

Thanks, this is in. (Applied a tiny reorganization as a follow-up as b3b4203)

Sorry, I missed the fact that new variable was moved to a different line in your code snippet.