From f95b5a79bdcbe7820b308b5f000809701ac20013 Mon Sep 17 00:00:00 2001 From: ludwig Date: Tue, 13 Jan 2009 07:57:03 +0000 Subject: fix overflow in CG_ParseTeamInfo based on patch for Tremulous, thanks to Roman Tetelman git-svn-id: svn://svn.icculus.org/quake3/trunk@1492 edf5b092-35ff-0310-97b2-ce42778d08ea --- code/cgame/cg_servercmds.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'code/cgame') diff --git a/code/cgame/cg_servercmds.c b/code/cgame/cg_servercmds.c index 185a068..7761646 100644 --- a/code/cgame/cg_servercmds.c +++ b/code/cgame/cg_servercmds.c @@ -118,9 +118,20 @@ static void CG_ParseTeamInfo( void ) { int client; numSortedTeamPlayers = atoi( CG_Argv( 1 ) ); + if( numSortedTeamPlayers < 0 || numSortedTeamPlayers > TEAM_MAXOVERLAY ) + { + CG_Error( "CG_ParseTeamInfo: numSortedTeamPlayers out of range (%d)", + numSortedTeamPlayers ); + return; + } for ( i = 0 ; i < numSortedTeamPlayers ; i++ ) { client = atoi( CG_Argv( i * 6 + 2 ) ); + if( client < 0 || client >= MAX_CLIENTS ) + { + CG_Error( "CG_ParseTeamInfo: bad client number: %d", client ); + return; + } sortedTeamPlayers[i] = client; -- cgit v1.2.3