From 275b73aa64da7c4b5083216d273877380ceebe73 Mon Sep 17 00:00:00 2001 From: tma Date: Mon, 19 Sep 2005 17:45:29 +0000 Subject: * Fix to multiple buffer overflow bugs in CL_Rcon_f * Fix to COM_ParseExt 1 byte overwrite bug * Fixed some missing calls to trap_FS_FCloseFile * Fixed q3msgboom and q3infoboom bugs * Fixed some qboolean type confusion * Above fixes from http://www.quakesrc.org/forums/viewtopic.php?t=5374 git-svn-id: svn://svn.icculus.org/quake3/trunk@95 edf5b092-35ff-0310-97b2-ce42778d08ea --- code/game/q_shared.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'code/game') diff --git a/code/game/q_shared.c b/code/game/q_shared.c index 928332f..bd8daa5 100644 --- a/code/game/q_shared.c +++ b/code/game/q_shared.c @@ -453,7 +453,7 @@ char *COM_ParseExt( char **data_p, qboolean allowLineBreaks ) *data_p = ( char * ) data; return com_token; } - if (len < MAX_TOKEN_CHARS) + if (len < MAX_TOKEN_CHARS - 1) { com_token[len] = c; len++; @@ -464,7 +464,7 @@ char *COM_ParseExt( char **data_p, qboolean allowLineBreaks ) // parse a regular word do { - if (len < MAX_TOKEN_CHARS) + if (len < MAX_TOKEN_CHARS - 1) { com_token[len] = c; len++; @@ -475,11 +475,6 @@ char *COM_ParseExt( char **data_p, qboolean allowLineBreaks ) com_lines++; } while (c>32); - if (len == MAX_TOKEN_CHARS) - { -// Com_Printf ("Token exceeded %i chars, discarded.\n", MAX_TOKEN_CHARS); - len = 0; - } com_token[len] = 0; *data_p = ( char * ) data; @@ -1192,7 +1187,7 @@ void Info_SetValueForKey( char *s, const char *key, const char *value ) { Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value); - if (strlen(newi) + strlen(s) > MAX_INFO_STRING) + if (strlen(newi) + strlen(s) >= MAX_INFO_STRING) { Com_Printf ("Info string length exceeded\n"); return; @@ -1240,7 +1235,7 @@ void Info_SetValueForKey_Big( char *s, const char *key, const char *value ) { Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value); - if (strlen(newi) + strlen(s) > BIG_INFO_STRING) + if (strlen(newi) + strlen(s) >= BIG_INFO_STRING) { Com_Printf ("BIG Info string length exceeded\n"); return; -- cgit v1.2.3