From: cloudwalk Date: Wed, 30 Sep 2020 12:54:18 +0000 (+0000) Subject: cmd: Fix integer overflow of cbuf->size when using defer. X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=03115599a1933922c9533bcf4eb5ecb447e9700f;p=xonotic%2Fdarkplaces.git cmd: Fix integer overflow of cbuf->size when using defer. The size variable is used to track the size of the text buffers for each node for allocation purposes. These never get smaller, and the cbuf->size variable decrements based on length rather than size. Eventually this causes an integer overflow. git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12976 d7cf8633-e32d-0410-b094-e92efae38249 --- diff --git a/cmd.c b/cmd.c index aa6eea83..08da25ac 100644 --- a/cmd.c +++ b/cmd.c @@ -423,7 +423,7 @@ static void Cbuf_Execute_Deferred (cmd_buf_t *cbuf) current->delay -= eat; if(current->delay <= 0) { - cbuf->size += current->size; + cbuf->size += current->length; List_Move(pos, &cbuf->start); // We must return and come back next frame or the engine will freeze. Fragile... like glass :3 return;