From dddab169d13250eeb7106adc499bc5054179f3ff Mon Sep 17 00:00:00 2001
From: divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Date: Mon, 2 Mar 2015 21:25:35 +0000
Subject: [PATCH] Fix a VERY LONG loop caused by high unreliable sequence
 numbers.

Many thanks to afl-fuzz!

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12169 d7cf8633-e32d-0410-b094-e92efae38249
---
 netconn.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/netconn.c b/netconn.c
index 4badfab6..aa4d5ba1 100755
--- a/netconn.c
+++ b/netconn.c
@@ -1248,6 +1248,12 @@ static int NetConn_ReceivedMessage(netconn_t *conn, const unsigned char *data, s
 		{
 			conn->droppedDatagrams += count;
 			//Con_DPrintf("Dropped %u datagram(s)\n", count);
+			// If too may packets have been dropped, only write the
+			// last NETGRAPH_PACKETS ones to the netgraph. Why?
+			// Because there's no point in writing more than
+			// these as the netgraph is going to be full anyway.
+			if (count > NETGRAPH_PACKETS)
+				count = NETGRAPH_PACKETS;
 			while (count--)
 			{
 				conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
@@ -1338,6 +1344,12 @@ static int NetConn_ReceivedMessage(netconn_t *conn, const unsigned char *data, s
 						count = sequence - conn->nq.unreliableReceiveSequence;
 						conn->droppedDatagrams += count;
 						//Con_DPrintf("Dropped %u datagram(s)\n", count);
+						// If too may packets have been dropped, only write the
+						// last NETGRAPH_PACKETS ones to the netgraph. Why?
+						// Because there's no point in writing more than
+						// these as the netgraph is going to be full anyway.
+						if (count > NETGRAPH_PACKETS)
+							count = NETGRAPH_PACKETS;
 						while (count--)
 						{
 							conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
-- 
2.39.2