Add `CSnapshot::IsValid` to check if a snapshot unpacked from a snapshot delta or demo is valid:
- ensure number of items and data size are not negative
- ensure that the actual size of the snapshot matches the size derived from its member variables
- ensure item offsets are within the valid range
- ensure item sizes are not negative
Add `CSnapshot::TotalSize` and `CSnapshot::OffsetSize` utility functions.
Minor improvements to related error messages.
Fixes buffer overflow:
```
==47744==ERROR: AddressSanitizer: global-buffer-overflow on address 0x558618e3767f at pc 0x558614b9bdfb bp 0x7ffe58a32cd0 sp 0x7ffe58a32cc0
READ of size 4 at 0x558618e3767f thread T0
0x558614b9bdfa in CSnapshotItem::Type() const src/engine/shared/snapshot.h:16
0x558615c3c911 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:29
0x558614aebaba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
0x558614af87cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
0x558615b9db1a in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
0x558615babd3f in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
0x558614afb08b in CClient::Update() src/engine/client/client.cpp:2686
0x558614b1d9eb in CClient::Run() src/engine/client/client.cpp:3296
0x558614b8e64f in main src/engine/client/client.cpp:4761
```
And fixes a buffer overflow that manifests itself as an internal ASan error:
```
=================================================================
==4755==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_descriptions.cc:79 "((0 && "Address is not in memory and not in shadow?")) != (0)" (0x0, 0x0)
0x7f0bf5f368be in AsanCheckFailed ../../../../src/libsanitizer/asan/asan_rtl.cc:72
0x7f0bf5f54eee in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cc:77
0x7f0bf5e4cb6f in GetShadowKind ../../../../src/libsanitizer/asan/asan_descriptions.cc:79
0x7f0bf5e4cb6f in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) ../../../../src/libsanitizer/asan/asan_descriptions.cc:95
0x7f0bf5e4cb6f in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) ../../../../src/libsanitizer/asan/asan_descriptions.cc:92
0x7f0bf5e4e386 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) ../../../../src/libsanitizer/asan/asan_descriptions.cc:440
0x7f0bf5e50e94 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) ../../../../src/libsanitizer/asan/asan_errors.cc:380
0x7f0bf5f35f4d in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ../../../../src/libsanitizer/asan/asan_report.cc:460
0x7f0bf5e86f5e in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:762
0x558234873f1d in mem_zero src/base/system.cpp:213
0x55823481fc27 in CSnapshotBuilder::NewItem(int, int, int) src/engine/shared/snapshot.cpp:675
0x55823481be65 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:380
0x558234776641 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
0x5582347861a9 in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
0x5582336d4c7d in CClient::Update() src/engine/client/client.cpp:2695
0x5582336f75dd in CClient::Run() src/engine/client/client.cpp:3305
0x558233768241 in main src/engine/client/client.cpp:4770
```
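The checks listed above, as an added stand-alone example (not DDNet's own `CSnapshot::IsValid`): it validates a buffer against an assumed simplified snapshot layout (two-int header, one int offset per item, then the item data), checking each header field before it is used as an index or length. `MakeSample` and `Check` are constructed helpers for feeding it sample buffers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Assumed simplified layout (not DDNet's exact one): two-int header, one int
// offset per item relative to the start of the item data, then m_DataSize bytes.
struct SnapHeader { int32_t m_DataSize; int32_t m_NumItems; };

// Size the snapshot claims to occupy, derived only from its header fields.
static size_t TotalSize(const SnapHeader &Header)
{
	return sizeof(SnapHeader) + sizeof(int32_t) * (size_t)Header.m_NumItems + (size_t)Header.m_DataSize;
}

// True only if the ActualSize bytes at pData form a self-consistent snapshot;
// every field is checked before it is used as an index or length.
bool IsValidSnapshot(const unsigned char *pData, size_t ActualSize)
{
	SnapHeader Header;
	if(ActualSize < sizeof(Header))
		return false; // not even a complete header
	std::memcpy(&Header, pData, sizeof(Header));
	if(Header.m_NumItems < 0 || Header.m_DataSize < 0)
		return false; // negative counts wrap when converted to sizes
	if(TotalSize(Header) != ActualSize)
		return false; // declared layout disagrees with the bytes we actually have
	const unsigned char *pOffsets = pData + sizeof(Header);
	for(int32_t i = 0; i < Header.m_NumItems; i++)
	{
		int32_t Offset, Next = Header.m_DataSize;
		std::memcpy(&Offset, pOffsets + sizeof(int32_t) * (size_t)i, sizeof(Offset));
		if(i + 1 < Header.m_NumItems)
			std::memcpy(&Next, pOffsets + sizeof(int32_t) * (size_t)(i + 1), sizeof(Next));
		// the item must start inside the data area with room for its type/id int
		if(Offset < 0 || (size_t)Offset + sizeof(int32_t) > (size_t)Header.m_DataSize)
			return false;
		// item size is the distance to the next offset (or to the end of the data)
		if((int64_t)Next - Offset < (int64_t)sizeof(int32_t))
			return false; // negative or too-small item size
	}
	return true;
}

// Constructed sample builder (test input, not real game data): header, the
// given offsets, DataSize zero bytes of item data, then Trailing extra bytes.
std::vector<unsigned char> MakeSample(int32_t DataSize, const std::vector<int32_t> &Offsets, size_t Trailing = 0)
{
	SnapHeader Header{DataSize, (int32_t)Offsets.size()};
	std::vector<unsigned char> Buf(sizeof(Header));
	std::memcpy(Buf.data(), &Header, sizeof(Header));
	for(int32_t Off : Offsets)
	{
		Buf.resize(Buf.size() + sizeof(Off));
		std::memcpy(Buf.data() + Buf.size() - sizeof(Off), &Off, sizeof(Off));
	}
	Buf.resize(Buf.size() + (DataSize > 0 ? (size_t)DataSize : 0) + Trailing, 0);
	return Buf;
}
bool Check(const std::vector<unsigned char> &Buf) { return IsValidSnapshot(Buf.data(), Buf.size()); }
```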
5651: Fix shift with negative exponent in `TeamMask` r=def- a=Robyt3
Closes #5650.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [X] Changed no physics that affect existing maps
- [X] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
```
src/game/server/teams.cpp:484:35: runtime error: shift exponent -1 is negative
0x55d065b241c4 in CGameTeams::TeamMask(int, int, int) src/game/server/teams.cpp:484
0x55d0657f92ed in CCharacter::TickDefered() src/game/server/entities/character.cpp:821
0x55d065a5d04c in CGameWorld::Tick() src/game/server/gameworld.cpp:283
0x55d0659327e6 in CGameContext::OnTick() src/game/server/gamecontext.cpp:852
0x55d0656e6a88 in CServer::Run() src/engine/server/server.cpp:2807
0x55d0657164f1 in main src/engine/server/server.cpp:3904
```
5647: Fix null pointer / out of bounds accesses in chat and maplayers r=def- a=Robyt3
See #5646.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [X] Considered possible null pointers and out of bounds array indexing
- [X] Changed no physics that affect existing maps
- [X] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
```
src/game/client/components/chat.cpp:795:89: runtime error: index -1 out of bounds for type 'CClientData [64]'
#0 0x55c133fd047a in CChat::AddLine(int, int, char const*) src/game/client/components/chat.cpp:795
#1 0x55c133fc80b5 in CChat::OnMessage(int, void*) src/game/client/components/chat.cpp:570
#2 0x55c134677688 in CGameClient::OnMessage(int, CUnpacker*, int, bool) src/game/client/gameclient.cpp:770
#3 0x55c133c282d2 in CClient::OnDemoPlayerMessage(void*, int) src/engine/client/client.cpp:2627
#4 0x55c134ccdcba in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:679
#5 0x55c134cdac81 in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
#6 0x55c133c2a08b in CClient::Update() src/engine/client/client.cpp:2686
#7 0x55c133c4c9eb in CClient::Run() src/engine/client/client.cpp:3296
#8 0x55c133cbd64f in main src/engine/client/client.cpp:4761
```
5638: Fix some variable names r=def- a=Robyt3
## Checklist
- [ ] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
5634: Fix clang tidy accessing data pointer r=def- a=ChillerDragon
```
ddnet/src/engine/client/favorites.cpp:229:23: error: 'data' should be
used for accessing the data pointer instead of taking the address of the
0-th element [readability-container-data-pointer,-warnings-as-errors]
int Index = pEntry - &m_aEntries[0];
^~~~~~~~~~~~~~
(m_aEntries).data()
```
## Checklist
- [ ] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: ChillerDragon <ChillerDragon@gmail.com>
5633: Adapt upstream's `CButtonContainer` r=def- a=ChillerDragon
Introduce `CButtonContainer`, which is used for fading text in teeworlds. There is no fading text in ddnet yet.
This change allows introducing such fading buttons but the main motivation for this change is easier copy & pasting code from ddnet to teeworlds code base and vice versa.
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [x] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: ChillerDragon <ChillerDragon@gmail.com>
5636: Minor refactoring of `CNetBase` r=def- a=Robyt3
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
5631: Minor refactoring and a fix for a typo r=def- a=Kaffeine
The minor refactoring:
- 1f264a042d After DDNet tuning was [re-introduced](8ef1f35f89) as the default tuning for all maps and gametypes, I had to find another solution to use vanilla tuning at least for the mod I work on.
The mod maps are started with a prefix, so I check the map name on demo playback to disable DDNet tuning for the mod demos.
I found that the map info was not set when a demo was loaded, but it was easy to fix.
I hope you'll agree that this is the correct behavior and this might be useful for some other client features too (maybe we'll need this to show the map name during playback).
- prediction/entity API changes: I needed those to reuse server-side code for client-side (mod specific) prediction. I think it'll be useful and I would like to push it now to have fewer conflicts later
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Alexander Akulich <akulichalexander@gmail.com>
5520: Warn about pnglite-incompatible PNGs on load r=def- a=heinrich5991
This allows a larger range of PNGs to be loaded while still maintaining
backward compatibility with older clients by annoying the user.
This warning can be enabled by the `warn-pnglite-incompatible-images`
key in the https://info2.ddnet.tw/info JSON; if the key is not there or
the JSON hasn't been obtained yet, the warning is disabled. Since the
JSON is cached across restarts, it'll be effective for initially loaded
images from the second start on.
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test if it works standalone, system.c especially
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
5624: Move message copy inside `SendPackMsgTranslate` r=def- a=Robyt3
Fix clang warning: Address of stack memory associated with local variable 'aBuf' is still referred to by the stack variable 'tmp' upon returning to the caller. This will be a dangling reference [clang-analyzer-core.StackAddressEscape]
Mark the input parameters as const pointers and mark the protocol message `Pack` methods as const.
And remove a null check that only serves to hide programmer errors.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: heinrich5991 <heinrich5991@gmail.com>
Co-authored-by: Robert Müller <robytemueller@gmail.com>
5619: Make UI inputs more secure r=def- a=C0D3D3V
Fixes #3560 finally :) what a dream xD
In addition, this also fixes an input bug: if you hold a mouse button on an input and then open f1, it no longer presses that button.
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [x] Considered possible null pointers and out of bounds array indexing
- [x] Changed no physics that affect existing maps
- [x] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: c0d3d3v <c0d3d3v@mag-keinen-spam.de>
5511: Rename cl_show_quads -> cl_showquads r=heinrich5991 a=def-
To re-enable quads for everyone who accidentally disabled them or has the
bind to accidentally disable them
## Checklist
- [ ] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test if it works standalone, system.c especially
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: def <dennis@felsin9.de>
5630: Fix integration tests hanging on crashes r=def- a=ChillerDragon
When the client or server crashes, the fifo will be dead,
then the cleanup command hangs at
`echo "quit" > client1.fifo`
because the fifo is not responding and thus it is stuck there,
which causes the user to probably ctrl+c at some point,
which then prevents client2 from being quit, even though it might not have crashed.
So this commit checks if a fail_client1.txt file exists and, if it crashed
already, it will skip the call to the broken fifo.
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [x] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: ChillerDragon <ChillerDragon@gmail.com>
5622: Fix UDP connectivity check r=def- a=heinrich5991
The nonsensical index of `m_aNetClients` was introduced during my
rebasing of #5205.
Fixes #5618.
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: heinrich5991 <heinrich5991@gmail.com>
5539: Remove even more redundant variables to avoid inconsistent states. Fix another swap bug. r=edg-l a=C0D3D3V
See https://youtu.be/jghPB-Y2BsQ
Please review it carefully.
## Checklist
- [x] Tested the change ingame
- [x] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test if it works standalone, system.c especially
- [x] Considered possible null pointers and out of bounds array indexing
- [x] Changed no physics that affect existing maps
- [x] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: c0d3d3v <c0d3d3v@mag-keinen-spam.de>