From bb9d5e97ff495d6908929a7bdf832e609c825b2f Mon Sep 17 00:00:00 2001
From: divverent
Date: Mon, 9 Feb 2015 08:54:46 +0000
Subject: [PATCH] Fix an useless NULL check, and a very funny overrun.

The overrun is in initialization of command line arguments, and thus not exploitable.

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12160 d7cf8633-e32d-0410-b094-e92efae38249
---
 common.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/common.c b/common.c
index 667f99c6..66b7895a 100644
--- a/common.c
+++ b/common.c
@@ -1619,13 +1619,22 @@ void COM_Init_Commands (void)
 if (strstr(com_argv[j], " "))
 {
 // arg contains whitespace, store quotes around it
+ // This condition checks whether we can allow to put
+ // in two quote characters.
+ if (n >= ((int)sizeof(com_cmdline) - 2))
+ break;
 com_cmdline[n++] = '\"';
+ // This condition checks whether we can allow one
+ // more character and a quote character.
 while ((n < ((int)sizeof(com_cmdline) - 2)) && com_argv[j][i])
+ // FIXME: Doesn't quote special characters.
 com_cmdline[n++] = com_argv[j][i++];
 com_cmdline[n++] = '\"';
 }
 else
 {
+ // This condition checks whether we can allow one
+ // more character.
 while ((n < ((int)sizeof(com_cmdline) - 1)) && com_argv[j][i])
 com_cmdline[n++] = com_argv[j][i++];
 }
@@ -2084,7 +2093,7 @@ void InfoString_SetValue(char *buffer, size_t bufferlength, const char *key, con
 Con_Printf("InfoString_SetValue: no room for \"%s\" \"%s\" in infostring\n", key, value);
 return;
 }
- if (value && value[0])
+ if (value[0])
 {
 // set the key/value and append the remaining text
 char tempbuffer[MAX_INPUTLINE];
-- 
2.39.2
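Review bot: The quoted branch still writes the closing `'\"'` after the copy loop stops on the size limit, so an over-long argument lands in com_cmdline as a shorter, well-formed quoted string with no sign that it was cut, and, as the added FIXME admits, an embedded quote character is copied unescaped. Neither is a memory-safety problem under the new bounds, but anything that later logs or re-parses com_cmdline would see argument boundaries that differ from com_argv. I would state that at the FIXME, e.g. `// FIXME: embedded quotes are copied unescaped and over-long args are cut silently; never re-parse com_cmdline as argv.` The three limits (`- 2`, `- 2`, `- 1`) each depend on how many bytes are written after them, including whatever the code following this hunk appends (the enclosing loop and the terminator write are not visible here). A one-line invariant comment that n is at most `sizeof(com_cmdline) - 1` on leaving either branch would help keep them in sync.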
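Review bot: Dropping the `value &&` test makes a non-NULL value a hard precondition at `if (value[0])`, and nothing in this hunk shows where that is enforced; the only earlier use visible is the Con_Printf on an error path that returns. The start of InfoString_SetValue lies outside the hunk, so if it does not already dereference or reject value on every path, a NULL from a caller now faults here instead of taking the empty-value branch as before. Either document the contract in the function's header comment, or keep the old tolerance in one place with `if (!value) value = "";` before value is first used.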