]> git.rm.cloudns.org Git - xonotic/darkplaces.git/commitdiff
projects / xonotic / darkplaces.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 12d55d7)
cmd: Fix integer overflow of cbuf->size when using defer.
authorcloudwalk <cloudwalk@d7cf8633-e32d-0410-b094-e92efae38249>
Wed, 30 Sep 2020 12:54:18 +0000 (12:54 +0000)
committercloudwalk <cloudwalk@d7cf8633-e32d-0410-b094-e92efae38249>
Wed, 30 Sep 2020 12:54:18 +0000 (12:54 +0000)
The size variable is used to track the size of the text buffers for
each node for allocation purposes. These never get smaller, and
the cbuf->size variable decrements based on length rather than
size. Eventually this causes an integer overflow.

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12976 d7cf8633-e32d-0410-b094-e92efae38249

cmd.c patch | blob | history

diff --git a/cmd.c b/cmd.c
index aa6eea8307482f735d5cdbe4af84e830489d8768..08da25ac2c4aed10fa221c14c9bdcc93f3ff1e1a 100644 (file)
--- a/cmd.c
+++ b/cmd.c
@@ -423,7 +423,7 @@ static void Cbuf_Execute_Deferred (cmd_buf_t *cbuf)
                current->delay -= eat;
                if(current->delay <= 0)
                {
-                       cbuf->size += current->size;
+                       cbuf->size += current->length;
                        List_Move(pos, &cbuf->start);
                        // We must return and come back next frame or the engine will freeze. Fragile... like glass :3
                        return;