6084: Fix heap-buffer-overflow in DDNetLaser prediction code r=heinrich5991 a=Zwelf
Found while playing the Exit when doing the part at x:35 y:219. Verified that with the fix applied the crash doesn't happen anymore.
asan output:
```
=================================================================
==10996==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62000001de20 at pc 0x5555575208d0 bp 0x7fffffff4710 sp 0x7fffffff4708
READ of size 4 at 0x62000001de20 thread T0
[Detaching after fork from child process 11277]
#0 0x5555575208cf in ExtractLaserInfoDDNet(CNetObj_DDNetLaser const*, CGameWorld*) /home/user/.local/bin/ddnet/src/src/game/client/laser_data.cpp:36:27
#1 0x5555575af9c8 in CGameWorld::NetObjAdd(int, int, void const*, CNetObj_EntityEx const*) /home/user/.local/bin/ddnet/src/src/game/client/prediction/gameworld.cpp:493:11
#2 0x5555574bf201 in CGameClient::UpdatePrediction() /home/user/.local/bin/ddnet/src/src/game/client/gameclient.cpp:2452:15
#3 0x5555574aad89 in CGameClient::OnNewSnapshot() /home/user/.local/bin/ddnet/src/src/game/client/gameclient.cpp:1729:3
#4 0x5555569562c7 in CClient::Update() /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:2751:22
#5 0x55555696e4bd in CClient::Run() /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:3260:4
#6 0x5555569caa8b in main /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:4753:11
#7 0x7ffff4ea9d09 in __libc_start_main csu/../csu/libc-start.c:308:16
#8 0x5555560f55c9 in _start (/home/user/.local/bin/ddnet/build-fast/DDNet+0xba15c9) (BuildId: 6d1b5aed4fc199ba75cdc083de5ada540ca4612b)
0x62000001de20 is located 0 bytes after 3488-byte region [0x62000001d080,0x62000001de20)
allocated by thread T0 here:
#0 0x55555618e36e in __interceptor_malloc (/home/user/.local/bin/ddnet/build-fast/DDNet+0xc3a36e) (BuildId: 6d1b5aed4fc199ba75cdc083de5ada540ca4612b)
#1 0x555556382591 in CSnapshotStorage::Add(int, long, int, void*, int, void*) /home/user/.local/bin/ddnet/src/src/engine/shared/snapshot.cpp:518:32
#2 0x55555693aa6e in CClient::ProcessServerPacket(CNetChunk*, int, bool) /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:2088:31
#3 0x55555694b48c in CClient::PumpNetwork() /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:2556:4
#4 0x55555695ca61 in CClient::Update() /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:2868:2
#5 0x55555696e4bd in CClient::Run() /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:3260:4
#6 0x5555569caa8b in main /home/user/.local/bin/ddnet/src/src/engine/client/client.cpp:4753:11
#7 0x7ffff4ea9d09 in __libc_start_main csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/.local/bin/ddnet/src/src/game/client/laser_data.cpp:36:27 in ExtractLaserInfoDDNet(CNetObj_DDNetLaser const*, CGameWorld*)
Shadow bytes around the buggy address:
0x62000001db80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x62000001dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x62000001dc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x62000001dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x62000001dd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x62000001de00: 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa
0x62000001de80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x62000001df00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x62000001df80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x62000001e000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x62000001e080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==10996==ABORTING
```
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [x] Considered possible null pointers and out of bounds array indexing
- [x] Changed no physics that affect existing maps
- [x] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Zwelf <zwelf@strct.cc>
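The report above is a 4-byte read landing exactly 0 bytes past a 3488-byte snapshot allocation: a field of the laser struct is being read from a snapshot item that is shorter than the struct. The following is an added example, not DDNet's code, of the size check such an extractor needs before casting item payload to a struct. The snapshot layout, the item type constant and the `ExtLaser` struct are constructed for illustration and do not claim to match DDNet's actual formats.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Constructed example, not DDNet's snapshot code. The snapshot is a flat
// buffer of 32-bit ints. Each item is a 3-int header [DataSize][Type][Id]
// followed by DataSize ints of payload. Type 1 is a hypothetical extended laser.
constexpr int32_t TYPE_EXT_LASER = 1;

struct ExtLaser
{
	int32_t x, y, from_x, from_y, start_tick, owner, type, subtype;
};
constexpr int32_t EXT_LASER_INTS = sizeof(ExtLaser) / sizeof(int32_t); // 8

// How many bytes an unchecked `reinterpret_cast<const ExtLaser *>(pData)`
// would read past the item when the item carries fewer ints than the struct.
// For the short item in SampleSnapshot() this is 12 bytes, and because that
// item is the last one in the buffer the read runs past the allocation, which
// is the shape of the ASan report above.
constexpr size_t OverreadBytes(int32_t DataInts)
{
	return DataInts < EXT_LASER_INTS ? (EXT_LASER_INTS - DataInts) * sizeof(int32_t) : 0;
}

// Checked extraction: copy the struct out only if the item really carries
// enough payload; otherwise report "no laser" instead of reading past the end.
std::optional<ExtLaser> ExtractLaserChecked(const int32_t *pData, int32_t DataInts)
{
	if(DataInts < EXT_LASER_INTS)
		return std::nullopt;
	ExtLaser Laser;
	std::memcpy(&Laser, pData, sizeof(Laser)); // memcpy: no alignment or aliasing assumptions
	return Laser;
}

struct WalkResult
{
	int Accepted = 0;       // laser items with a full payload
	int Rejected = 0;       // laser items too short for the struct
	bool Truncated = false; // a header or payload ran past the buffer
};

// Walk the whole snapshot with bounds checks on both the header and the payload.
WalkResult WalkSnapshot(const std::vector<int32_t> &Snap)
{
	WalkResult Res;
	size_t i = 0;
	while(i < Snap.size())
	{
		if(Snap.size() - i < 3)
		{
			Res.Truncated = true;
			break;
		}
		const int32_t DataSize = Snap[i];
		const int32_t Type = Snap[i + 1];
		if(DataSize < 0 || static_cast<size_t>(DataSize) > Snap.size() - i - 3)
		{
			Res.Truncated = true;
			break;
		}
		const int32_t *pData = Snap.data() + i + 3;
		if(Type == TYPE_EXT_LASER)
		{
			if(ExtractLaserChecked(pData, DataSize))
				Res.Accepted++;
			else
				Res.Rejected++;
		}
		i += 3 + static_cast<size_t>(DataSize);
	}
	return Res;
}

// Constructed input: one complete laser (8 payload ints) followed by a laser
// that carries only 5 payload ints and sits at the very end of the buffer.
std::vector<int32_t> SampleSnapshot()
{
	return {
		8, TYPE_EXT_LASER, 100, /* payload: */ 10, 20, 30, 40, 500, 7, 1, 2,
		5, TYPE_EXT_LASER, 101, /* payload: */ 10, 20, 30, 40, 500,
	};
}

int main()
{
	const WalkResult Res = WalkSnapshot(SampleSnapshot());
	std::printf("accepted=%d rejected=%d truncated=%d overread_if_unchecked=%zu bytes\n",
		Res.Accepted, Res.Rejected, Res.Truncated ? 1 : 0, OverreadBytes(5));
	return 0;
}
```

The point of the walker is that the size check happens at the item boundary, before the payload pointer is handed to any per-type extractor; a snapshot that arrives from the network is attacker-controlled input, so a short or truncated item has to be a handled case rather than a crash.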
6082: Fix incorrect cursor position after exiting pause/spec r=def- a=Robyt3
The cursor position was not correctly restored when exiting pause or spec, when the mouse was on the left side of the tee (x being negative).
This is caused by a calculation introduced in #1637 and #1830 that tries to ensure that the mouse can still be moved if it ends up inside the minimum mouse distance (`cl_mouse_min_distance` and `cl_dyncam_min_distance`). However, this did not consider that the x position can become negative, so the x position was also incorrectly changed when exiting pause.
This is fixed by reverting the changes, as this code has become obsolete and has been superseded by #2009 and #3884. The `CControls::ClampMousePos` function, which is called directly after restoring the position, already ensures that mouse is not stuck within the minimum mouse distance.
Closes #2591.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [X] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [X] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
6081: Add generic confirm popup to menu, adapt generic message popup, use the generic popups when possible r=def- a=Robyt3
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
Add "Cancel" button to country/region picker popup. It's already possible to cancel with the Escape key, so there should also be a button, which keeps the current selection.
Delegate the listbox activation (enter / double click on item) to the popup to confirm it. Enter was previously working but then broken by the logic that ensures that every hotkey is only consumed once. Now both enter and double click confirm the popup.
From teeworlds/teeworlds#2961.
Add a generic popup to confirm an operation to the menu and revise the generic message popup similar to this.
Both popups have a title and a message. The message popup has one button and the confirmation popup has two buttons.
For each button a label, the next popup after clicking the button, and a custom button handler can be set.
From teeworlds/teeworlds#2598.
6080: Try using default MariaDB server version (fixes #6079) r=Robyt3 a=def-
## Checklist
- [ ] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Dennis Felsing <dennis@felsin9.de>
6075: Fix key reader text flashing for one frame, refactoring r=def- a=Robyt3
The key reader was displaying the old key for a frame. It now shows the new key immediately without flashing the old one after changing a bind.
Refactoring:
- The if-branches are restructured to be the same as on upstream.
- The function `GetKeyBindModifiersName` can be called without an additional check, because it returns an empty string when no modifier is pressed.
- The unused parameter `Checked` of the `DoButton_KeySelect` function is removed.
From teeworlds/teeworlds#2877.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
6076: Fix stored commands using original callback instead of the chain, fix client crash when launching with `screenshot` command r=def- a=Robyt3
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
6074: Reset teams when restarting round r=def- a=Robyt3
The state of teams was not reset when restarting a round with `restart`, which led to various issues (#5144):
- Switchers kept their previous state instead of being reset to the initial state after restarting.
- Teams that started racing sometimes could not be joined after restarting.
- Sometimes teams cannot finish a race after restarting. I cannot reproduce this issue, so I don't know if it's fixed by these changes.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [X] Considered possible null pointers and out of bounds array indexing
- [X] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
The client crashes when launching with `screenshot` in the command line, as the graphics are not available when the command is executed.
This is fixed by storing the command, so it's executed when everything is ready.
When stored commands (`CFGFLAG_STORE`) were executed with `CConsole::StoreCommands(false)`, the associated chained commands were not properly executed, if they were chained after the command has been stored (e.g. in `CMenus::OnInit`).
Storing the command saves the current callback and userdata, which were overridden by the chain callback and userdata, but the stored callback and userdata were not updated.
This is fixed by storing a pointer to the command itself, which will be updated when it is chained.
From teeworlds/teeworlds#2572.
6073: Remove // in ddnet:// url handler r=Jupeyy a=def-
## Checklist
- [ ] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Dennis Felsing <dennis@felsin9.de>
6070: Add reason to vote mute, fix vote mute r=def- a=Vy0x2
When vote muting a player, the message which notifies the player got sent in team chat (should be chat_all) and a second message appeared in rcon. Furthermore, you couldn't add a reason to vote mutes.
Fixed those issues.
## Checklist
- [x] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [x] Considered possible null pointers and out of bounds array indexing
- [x] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Vy0x2 <denispaul43@gmail.com>
6068: Fix client crash when unpacking a sixup packet r=def- a=Robyt3
The client crashes when trying to unpack a packet that has the sixup flag set, as `CNetClient` does not pass pointers for the output parameters `pSecurityToken` and `pResponseToken` to `CNetBase::UnpackPacket`. Since the client does not handle sixup packets, checks are added to return an error and ignore the packet instead of crashing due to a null pointer access.
This was found by fuzzing the data returned by `net_udp_recv` with radamsa.
```
==6200==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8d0fb8ba56 bp 0x7ffcbf67c7f0 sp 0x7ffcbf67c7a8 T0)
==6200==The signal is caused by a WRITE memory access.
==6200==Hint: address points to the zero page.
0 0x7f8d0fb8ba56 (/lib/x86_64-linux-gnu/libc.so.6+0xc4a56)
1 0x563a7e250fbe in mem_copy src/base/system.cpp:208
2 0x563a7e1bc6b6 in CNetBase::UnpackPacket(unsigned char*, int, CNetPacketConstruct*, bool&, int*, int*) src/engine/shared/network.cpp:263
3 0x563a7e1bf57e in CNetClient::Recv(CNetChunk*) src/engine/shared/network_client.cpp:100
4 0x563a7cfa76a2 in CClient::PumpNetwork() src/engine/client/client.cpp:2546
5 0x563a7cfb7cf6 in CClient::Update() src/engine/client/client.cpp:2838
6 0x563a7cfcfe47 in CClient::Run() src/engine/client/client.cpp:3214
7 0x563a7d04c631 in main src/engine/client/client.cpp:4702
8 0x7f8d0faf0d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
9 0x7f8d0faf0e3f in __libc_start_main_impl ../csu/libc-start.c:392
10 0x563a7cb28754 in _start (build-asan/DDNet+0x2472754)
==8315==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f4accfe5a56 bp 0x7ffcf1318530 sp 0x7ffcf13184e8 T0)
==8315==The signal is caused by a WRITE memory access.
==8315==Hint: address points to the zero page.
0 0x7f4accfe5a56 (/lib/x86_64-linux-gnu/libc.so.6+0xc4a56)
1 0x560413603200 in mem_copy src/base/system.cpp:208
2 0x56041356d9c7 in CNetBase::UnpackPacket(unsigned char*, int, CNetPacketConstruct*, bool&, int*, int*) src/engine/shared/network.cpp:224
3 0x5604135717c0 in CNetClient::Recv(CNetChunk*) src/engine/shared/network_client.cpp:104
4 0x5604123597e2 in CClient::PumpNetwork() src/engine/client/client.cpp:2546
5 0x560412369e36 in CClient::Update() src/engine/client/client.cpp:2838
6 0x560412381f87 in CClient::Run() src/engine/client/client.cpp:3214
7 0x5604123fe771 in main src/engine/client/client.cpp:4702
8 0x7f4accf4ad8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
9 0x7f4accf4ae3f in __libc_start_main_impl ../csu/libc-start.c:392
10 0x560411eda894 in _start (build-asan/DDNet+0x2472894)
```
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [X] Considered possible null pointers and out of bounds array indexing
- [X] Changed no physics that affect existing maps
- [X] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
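The two traces above end in `mem_copy` writing to address 0: an output parameter that the client passes as a null pointer is dereferenced as soon as a received datagram has the sixup flag set. Below is an added example, not DDNet's network code, of the shape of that bug and of the check the PR describes (return an error and ignore the packet when the flag is set but no token storage was supplied). The wire layout, the flag value `0x40`, the little-endian token encoding and all function names are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed example, not DDNet's network code. Assumed wire layout:
//   byte 0      : flags; bit 0x40 marks a "sixup" packet (hypothetical value)
//   if sixup    : 4-byte little-endian security token, 4-byte response token
//   remainder   : payload
constexpr uint8_t FLAG_SIXUP = 0x40;

enum EUnpackResult
{
	UNPACK_OK = 0,
	UNPACK_TOO_SHORT = -1,
	UNPACK_SIXUP_UNSUPPORTED = -2,
};

struct PacketConstruct
{
	uint8_t Flags = 0;
	std::vector<uint8_t> Payload;
};

static int32_t ReadLE32(const uint8_t *p)
{
	return static_cast<int32_t>(static_cast<uint32_t>(p[0]) | (static_cast<uint32_t>(p[1]) << 8) |
				    (static_cast<uint32_t>(p[2]) << 16) | (static_cast<uint32_t>(p[3]) << 24));
}

// Bug shape described in the PR: the token output pointers are only dereferenced
// on the sixup path, so a caller that never expects sixup and passes nullptr is
// fine until a peer (or a fuzzer) sets that flag bit in a datagram.
// Hardening: treat "sixup flag set, but no token storage supplied" as an
// unsupported packet and return an error before any write happens.
EUnpackResult UnpackPacket(const uint8_t *pBuf, size_t Len, PacketConstruct *pOut,
	bool &Sixup, int32_t *pSecurityToken, int32_t *pResponseToken)
{
	if(Len < 1)
		return UNPACK_TOO_SHORT;
	Sixup = (pBuf[0] & FLAG_SIXUP) != 0;
	size_t Offset = 1;
	if(Sixup)
	{
		if(pSecurityToken == nullptr || pResponseToken == nullptr)
			return UNPACK_SIXUP_UNSUPPORTED; // the added check
		if(Len < Offset + 8)
			return UNPACK_TOO_SHORT;
		*pSecurityToken = ReadLE32(pBuf + Offset);
		*pResponseToken = ReadLE32(pBuf + Offset + 4);
		Offset += 8;
	}
	pOut->Flags = pBuf[0];
	pOut->Payload.assign(pBuf + Offset, pBuf + Len);
	return UNPACK_OK;
}

// A client that does not speak sixup passes no token storage at all.
EUnpackResult ClientRecv(const std::vector<uint8_t> &Datagram, PacketConstruct *pOut)
{
	bool Sixup = false;
	return UnpackPacket(Datagram.data(), Datagram.size(), pOut, Sixup, nullptr, nullptr);
}

// Constructed datagrams: a plain one and one with the sixup bit and two tokens.
std::vector<uint8_t> LegacyDatagram() { return {0x00, 'h', 'i'}; }
std::vector<uint8_t> SixupDatagram() { return {FLAG_SIXUP, 1, 0, 0, 0, 2, 0, 0, 0, 'x'}; }

// Minimal fuzz-style sweep over the flag byte: every value must come back as
// OK or as a clean error. Returns false if any other result appears.
bool AllFlagBytesHandled()
{
	for(int Flags = 0; Flags < 256; Flags++)
	{
		std::vector<uint8_t> Dgram = {static_cast<uint8_t>(Flags), 'a'};
		PacketConstruct Out;
		const EUnpackResult Res = ClientRecv(Dgram, &Out);
		if(Res != UNPACK_OK && Res != UNPACK_SIXUP_UNSUPPORTED)
			return false;
	}
	return true;
}

int main()
{
	PacketConstruct Out;
	std::printf("legacy=%d sixup_on_client=%d all_flags_handled=%d\n",
		ClientRecv(LegacyDatagram(), &Out), ClientRecv(SixupDatagram(), &Out), AllFlagBytesHandled() ? 1 : 0);
	return 0;
}
```

The general rule the example encodes: any output parameter that is optional for some callers must be checked for null on every path that writes to it, and for a network parser the cheapest correct reaction to "this peer asked for a mode I do not support" is to drop the packet. The flag-byte sweep is the kind of property a mutation fuzzer such as radamsa exercises automatically on the raw datagram.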
6067: Implement smooth zoom for editor r=heinrich5991 a=Robyt3
Port the smooth zoom code from the ingame camera to the editor with some minor adjustments.
The smooth zoom animation time can be adjusted with the existing `cl_smooth_zoom_time` config variable.
Closes #2525.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [X] Tested in combination with possibly related configuration options: `cl_smooth_zoom_time`, `cl_limit_max_zoom_level` and `ed_zoom_target`
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
6058: Fix invalid demo cutting, Add slice highlighting r=Chairn a=VoxelDoesCode
Before, you could place an end slice before the beginning, creating a "zero second" demo, which doesn't play in client, and renders a corrupt file. I implemented a check where if the playhead is before the beginning slice, it won't place an end slice, and vice versa.
I also added highlighting in between the slices, so that it's easier to see.
![image](https://user-images.githubusercontent.com/95713843/202870840-216df4d7-975e-496d-b122-c819ce7ae6ee.png)
## Checklist
- [x] Tested the change ingame
- [x] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [x] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: VoxelDoesCode <bluheadcat@gmail.com>
6064: Fix choppy demo seeking when start/end ticks are very large r=def- a=Robyt3
Demo seeking for percent positions and relative time was choppy, when the first and last ticks of the demo are very large but close together (e.g. with 1308908156 to 1308905658, which are close to the integer limit). During the calculation of `WantedTick` both operands were promoted to `float`s, which caused the information of the smaller operand, i.e. the seeked percentage or relative time, to be mostly lost, so seeking was very inaccurate. This is fixed by rounding the `float` operand to `int` before adding it to another `int`.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
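The precision loss described above is easy to reproduce in isolation. The following is an added example, not the demo player's code: it uses the two tick numbers from the PR text and shows the "before" form (the `int` base tick promoted to `float`, so both it and the sum are rounded to multiples of 128 at this magnitude) next to the "after" form (only the small `float` offset is rounded to `int`, then the addition is exact). `TICKS_PER_SECOND`, the function names and the 1% sampling loop are assumptions for the illustration.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>
#include <cstdlib>

// Constructed example, not the demo player's code. Tick numbers are the ones
// given in the PR text; TICKS_PER_SECOND and the seek helpers are illustrative.
constexpr int FIRST_TICK = 1308905658;
constexpr int LAST_TICK = 1308908156;
constexpr int TICKS_PER_SECOND = 50;

// Before the fix: int + float. The int operand is promoted to float, whose
// 24-bit mantissa spaces values near 1.3e9 by 128, so the base tick and the
// sum are both rounded to multiples of 128 and the small offset is mostly lost.
int SeekBefore(int BaseTick, float Offset)
{
	float Result = BaseTick + Offset; // BaseTick silently converted to float
	return static_cast<int>(Result);
}

// After the fix: round only the small float part to int, then add ints exactly.
int SeekAfter(int BaseTick, float Offset)
{
	return BaseTick + static_cast<int>(std::lround(Offset));
}

// Seeking to a percentage of the demo, both ways.
int PercentSeekBefore(float Percent) { return SeekBefore(FIRST_TICK, (LAST_TICK - FIRST_TICK) * Percent); }
int PercentSeekAfter(float Percent) { return SeekAfter(FIRST_TICK, (LAST_TICK - FIRST_TICK) * Percent); }

// Seeking relative to the current tick by a number of seconds, both ways.
int RelativeSeekBefore(int CurrentTick, float Seconds) { return SeekBefore(CurrentTick, Seconds * TICKS_PER_SECOND); }
int RelativeSeekAfter(int CurrentTick, float Seconds) { return SeekAfter(CurrentTick, Seconds * TICKS_PER_SECOND); }

// Distance between adjacent floats at this magnitude: the seek granularity "before".
float UlpAt(float x) { return std::nextafter(x, INFINITY) - x; }

// Largest error against the exact integer answer over 1% steps, for one variant.
int MaxPercentSeekError(int (*Seek)(float))
{
	int MaxErr = 0;
	for(int Step = 0; Step <= 100; Step++)
	{
		const float Percent = Step / 100.0f;
		const int Exact = FIRST_TICK + static_cast<int>(std::lround((LAST_TICK - FIRST_TICK) * static_cast<double>(Percent)));
		MaxErr = std::max(MaxErr, std::abs(Seek(Percent) - Exact));
	}
	return MaxErr;
}

int main()
{
	std::printf("ulp at first tick: %.0f\n", UlpAt(static_cast<float>(FIRST_TICK)));
	std::printf("50%% seek: before=%d after=%d exact=%d\n",
		PercentSeekBefore(0.5f), PercentSeekAfter(0.5f), FIRST_TICK + 1249);
	std::printf("max error over 1%% steps: before=%d after=%d\n",
		MaxPercentSeekError(PercentSeekBefore), MaxPercentSeekError(PercentSeekAfter));
	std::printf("+1.5s from first tick: before=%d after=%d\n",
		RelativeSeekBefore(FIRST_TICK, 1.5f), RelativeSeekAfter(FIRST_TICK, 1.5f));
	return 0;
}
```

The same promotion happens silently whenever an `int` meets a `float` in an expression, so the habit worth keeping from this fix is to convert the small floating-point term to an integer explicitly and keep large counters, ticks and offsets in integer arithmetic throughout.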
6061: Add friend counter + Change alignment of player count text r=def- a=l-ouis
Added friend counter, changed the alignment of player count indicator to better accommodate friend counter + line up with the "Players" text at the top of the tab
![image](https://user-images.githubusercontent.com/69405348/202891241-b76899cf-e65a-4085-804b-0a6877468fbc.png)
Fixes #5911
## Checklist
- [x] Tested the change ingame
- [x] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [x] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: louis <louisaltgeer@gmail.com>
6063: Add `TYPE_ALL_OR_ABSOLUTE` and `TYPE_SAVE_OR_ABSOLUTE` storage types r=def- a=Robyt3
The types are translated to `TYPE_ALL`/`TYPE_SAVE` respectively if a given path is relative and to `TYPE_ABSOLUTE` if a path is absolute.
These types are only supported with the `OpenFile`, `ReadFile`, `ReadFileStr` and `GetCompletePath` methods.
This reduces duplicate code when calling the methods.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
6059: add cargo for fedora r=def- a=Anime-pdf
looks like in 07be2a7663 the cargo package for Fedora wasn't added
Co-authored-by: Paul <paul.turkovskiy@gmail.com>
6054: Fix editor crash when shifting left/right, fix wrong up/down shifting r=heinrich5991 a=Robyt3
Shifting left/right with a shift value greater than the layer's width crashed the game due to a heap-buffer-overflow.
Shifting up/down with a shift value greater or equal to half the layer's height did not correctly shift the entire layer.
The values of the enum constants `DIRECTION_*` are changed to consecutive numbers instead of exponents of two, as the directions cannot be combined together as flags.
Closes #6036.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [X] Considered possible null pointers and out of bounds array indexing
- [X] Changed no physics that affect existing maps
- [X] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>
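Both defects described in this PR (an out-of-bounds write when the shift exceeds the layer width, and an incorrect result when the shift is at least half the height) disappear once the shift is reduced modulo the layer dimension and the shift is implemented as a rotation. The following is an added example, not the editor's code: the `TileLayer` struct, the 4x3 sample layer and the function names are constructed for illustration; only the idea of consecutive `DIRECTION_*` values comes from the PR text.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Constructed example, not the editor's code. A tile layer is stored row-major.
struct TileLayer
{
	int Width;
	int Height;
	std::vector<int> Tiles; // Width * Height entries
};

// Consecutive values, as the PR changes them: the directions are not flags and
// cannot be combined, so powers of two bought nothing.
enum EDirection
{
	DIRECTION_LEFT = 0,
	DIRECTION_RIGHT,
	DIRECTION_UP,
	DIRECTION_DOWN,
};

// Reduce any shift (negative, zero, or larger than the dimension) to [0, Size).
// A rotation by Size is the identity, so only Shift mod Size matters; this is
// what keeps a shift larger than the width from indexing past the row and what
// makes shifts of half the height or more come out right.
int NormalizeShift(int Shift, int Size)
{
	if(Size <= 0)
		return 0;
	const int r = Shift % Size;
	return r < 0 ? r + Size : r;
}

// Shift the whole layer with wrap-around, for any Shift value.
void ShiftLayer(TileLayer &Layer, EDirection Direction, int Shift)
{
	const int W = Layer.Width, H = Layer.Height;
	if(W <= 0 || H <= 0 || Layer.Tiles.size() != static_cast<size_t>(W) * H)
		return; // malformed layer: refuse rather than touch memory
	switch(Direction)
	{
	case DIRECTION_LEFT:
	case DIRECTION_RIGHT:
	{
		// Rotating left by k brings column k to column 0. Right by k is left by W-k.
		int k = NormalizeShift(Shift, W);
		if(Direction == DIRECTION_RIGHT)
			k = NormalizeShift(W - k, W);
		for(int y = 0; y < H; y++)
		{
			auto Row = Layer.Tiles.begin() + static_cast<std::ptrdiff_t>(y) * W;
			std::rotate(Row, Row + k, Row + W);
		}
		break;
	}
	case DIRECTION_UP:
	case DIRECTION_DOWN:
	{
		// Rotating up by k brings row k to row 0. Down by k is up by H-k.
		int k = NormalizeShift(Shift, H);
		if(Direction == DIRECTION_DOWN)
			k = NormalizeShift(H - k, H);
		std::rotate(Layer.Tiles.begin(), Layer.Tiles.begin() + static_cast<std::ptrdiff_t>(k) * W, Layer.Tiles.end());
		break;
	}
	}
}

// Constructed 4x3 layer with distinct tile indices 1..12.
TileLayer SampleLayer()
{
	return {4, 3, {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}};
}

// Convenience: return a shifted copy.
TileLayer Shifted(TileLayer Layer, EDirection Direction, int Shift)
{
	ShiftLayer(Layer, Direction, Shift);
	return Layer;
}

int main()
{
	const TileLayer L = Shifted(SampleLayer(), DIRECTION_RIGHT, 5); // same as right by 1
	for(int y = 0; y < L.Height; y++)
	{
		for(int x = 0; x < L.Width; x++)
			std::printf("%3d", L.Tiles[static_cast<size_t>(y) * L.Width + x]);
		std::printf("\n");
	}
	return 0;
}
```

`std::rotate` never reads or writes outside the `[first, last)` range it is given, so with the shift normalised up front the only remaining way to go out of bounds is a `Tiles` vector whose size disagrees with `Width * Height`, which is why the function checks that first.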
6053: Add `Shift+G` editor hotkey to toggle visibility of game layers r=def- a=Robyt3
If any game layers are hidden, the hotkey will make them visible. Else, if all game layers are visible, the hotkey will hide all of them.
Closes #4109.
## Checklist
- [X] Tested the change ingame
- [ ] Provided screenshots if it is a visual change
- [ ] Tested in combination with possibly related configuration options
- [ ] Written a unit test (especially base/) or added coverage to integration test
- [ ] Considered possible null pointers and out of bounds array indexing
- [ ] Changed no physics that affect existing maps
- [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addresssanitizer--undefinedbehavioursanitizer-or-valgrinds-memcheck) (optional)
Co-authored-by: Robert Müller <robytemueller@gmail.com>