edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-11-10 01:58:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #590 from Redix/pr_finish_buffer

Browse source 
Fix buffer overflow in race recorder and ghost
This commit is contained in:
Dennis Felsing 2016-12-16 15:54:02 +01:00 committed by GitHub
parent ff47f98f8f 22e2489377
commit 7296dd2b53
2 changed files with 16 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
src/game/client/components/ghost.cpp
View file

@ -554,25 +554,18 @@ void CGhost::OnMessage(int MsgType, void *pRawMsg)
CNetMsg_Sv_Chat *pMsg = (CNetMsg_Sv_Chat *)pRawMsg;
if(pMsg->m_ClientID == -1 && m_RaceState == RACE_STARTED)
{
const char* pMessage = pMsg->m_pMessage;
int Num = 0;
while(str_comp_num(pMessage, " finished in: ", 14))
{
pMessage++;
Num++;
if(!pMessage[0])
return;
}
// store the name
char aName[64];
str_copy(aName, pMsg->m_pMessage, Num+1);
char aName[MAX_NAME_LENGTH];
const char *pFinished = str_find(pMsg->m_pMessage, " finished in: ");
int FinishedPos = pFinished - pMsg->m_pMessage;
if (!pFinished || FinishedPos == 0 || FinishedPos >= (int)sizeof(aName))
return;
str_copy(aName, pMsg->m_pMessage, FinishedPos + 1);
// prepare values and state for saving
int Minutes;
float Seconds;
if(!str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) && sscanf(pMessage, " finished in: %d minute(s) %f", &Minutes, &Seconds) == 2)
if(!str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) && sscanf(pFinished, " finished in: %d minute(s) %f", &Minutes, &Seconds) == 2)
{
m_RaceState = RACE_FINISHED;
float CurTime = Minutes*60 + Seconds;

22
src/game/client/components/race_demo.cpp
View file

@ -112,25 +112,19 @@ void CRaceDemo::OnMessage(int MsgType, void *pRawMsg)
CNetMsg_Sv_Chat *pMsg = (CNetMsg_Sv_Chat *)pRawMsg;
if(pMsg->m_ClientID == -1 && m_RaceState == RACE_STARTED)
{
const char* pMessage = pMsg->m_pMessage;
int Num = 0;
while(str_comp_num(pMessage, " finished in: ", 14))
{
pMessage++;
Num++;
if(!pMessage[0])
return;
}
char aName[MAX_NAME_LENGTH];
const char *pFinished = str_find(pMsg->m_pMessage, " finished in: ");
int FinishedPos = pFinished - pMsg->m_pMessage;
if (!pFinished || FinishedPos == 0 || FinishedPos >= (int)sizeof(aName))
return;
// store the name
char aName[64];
str_copy(aName, pMsg->m_pMessage, Num+1);
str_copy(aName, pMsg->m_pMessage, FinishedPos + 1);
// prepare values and state for saving
int Minutes;
float Seconds;
if(!str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) && sscanf(pMessage, " finished in: %d minute(s) %f", &Minutes, &Seconds) == 2)
if(!str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) && sscanf(pFinished, " finished in: %d minute(s) %f", &Minutes, &Seconds) == 2)
{
m_RaceState = RACE_FINISHED;
m_RecordStopTime = Client()->GameTick() + Client()->GameTickSpeed();