From 5120657386189f878de6c85376da8c3101da70b4 Mon Sep 17 00:00:00 2001
From: Alibek Omarov
Date: Mon, 6 May 2024 06:53:22 +0300
Subject: [PATCH] engine: fix possible buffer overflow in S_StreamGetCurrentState
---
 engine/client/s_stream.c | 10 +++++-----
 engine/client/sound.h | 1 -
 engine/common/common.h | 2 +-
 engine/server/sv_game.c | 2 +-
 engine/server/sv_save.c | 2 +-
 5 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/engine/client/s_stream.c b/engine/client/s_stream.c
index 98ce7341..907b2288 100644
--- a/engine/client/s_stream.c
+++ b/engine/client/s_stream.c
@@ -142,7 +142,7 @@ S_StreamGetCurrentState
 save\restore code
 =================
 */
-qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *position )
+qboolean S_StreamGetCurrentState( char *currentTrack, size_t currentTrackSize, char *loopTrack, size_t loopTrackSize, int *position )
 {
 if( !s_bgTrack.stream )
 return false; // not active
@@ -150,15 +150,15 @@ qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *posi
 if( currentTrack )
 {
 if( s_bgTrack.current[0] )
- Q_strncpy( currentTrack, s_bgTrack.current, MAX_STRING );
- else Q_strncpy( currentTrack, "*", MAX_STRING ); // no track
+ Q_strncpy( currentTrack, s_bgTrack.current, currentTrackSize );
+ else Q_strncpy( currentTrack, "*", currentTrackSize ); // no track
 }
 if( loopTrack )
 {
 if( s_bgTrack.loopName[0] )
- Q_strncpy( loopTrack, s_bgTrack.loopName, MAX_STRING );
- else Q_strncpy( loopTrack, "*", MAX_STRING ); // no track
+ Q_strncpy( loopTrack, s_bgTrack.loopName, loopTrackSize );
+ else Q_strncpy( loopTrack, "*", loopTrackSize ); // no track
 }
 if( position )
diff --git a/engine/client/sound.h b/engine/client/sound.h
index dd41329c..5dcc9c11 100644
--- a/engine/client/sound.h
+++ b/engine/client/sound.h
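Review bot: Both copy branches in the second s_stream.c hunk now truncate without telling the caller: when `s_bgTrack.current` or `s_bgTrack.loopName` is longer than the buffer passed in, the function still returns true with a shortened name, and a save that stores it would carry a track name that may not resolve on restore. Q_strncpy is defined outside this patch, so it is worth confirming that it always terminates the destination and does nothing when the size is 0, since a non-NULL `currentTrack` with `currentTrackSize == 0` is now expressible. The header comment in the first hunk still reads only `save\restore code`; I would add `// sizes are the capacities of the destination buffers in bytes, terminator included; longer names are truncated` so the contract is stated where the signature changed. The function body continues past `if( position )`, outside the hunk.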
@@ -257,7 +257,6 @@ void SND_ForceCloseMouth( int entnum );
 //
 void S_StreamSoundTrack( void );
 void S_StreamBackgroundTrack( void );
-qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *position );
 void S_PrintBackgroundTrackState( void );
 void S_FadeMusicVolume( float fadePercent );
diff --git a/engine/common/common.h b/engine/common/common.h
index 8defc2e9..bb87155e 100644
--- a/engine/common/common.h
+++ b/engine/common/common.h
@@ -695,7 +695,7 @@ void Log_Printf( const char *fmt, ... ) _format( 1 );
 void SV_BroadcastCommand( const char *fmt, ... ) _format( 1 );
 void SV_BroadcastPrintf( struct sv_client_s *ignore, const char *fmt, ... ) _format( 2 );
 void CL_ClearStaticEntities( void );
-qboolean S_StreamGetCurrentState( char *currentTrack, char *loopTrack, int *position );
+qboolean S_StreamGetCurrentState( char *currentTrack, size_t currentTrackSize, char *loopTrack, size_t loopTrackSize, int *position );
 void CL_ServerCommand( qboolean reliable, const char *fmt, ... ) _format( 2 );
 void CL_HudMessage( const char *pMessage );
 const char *CL_MsgInfo( int cmd );
diff --git a/engine/server/sv_game.c b/engine/server/sv_game.c
index c256b379..4eda05e1 100644
--- a/engine/server/sv_game.c
+++ b/engine/server/sv_game.c
@@ -666,7 +666,7 @@ void SV_RestartAmbientSounds( void )
 #if !XASH_DEDICATED // TODO: ???
 // restart soundtrack
- if( S_StreamGetCurrentState( curtrack, looptrack, &position ))
+ if( S_StreamGetCurrentState( curtrack, sizeof( curtrack ), looptrack, sizeof( looptrack ), &position ))
 {
 SV_StartMusic( curtrack, looptrack, position );
 }
diff --git a/engine/server/sv_save.c b/engine/server/sv_save.c
index 63ffe4d8..b17e2776 100644
--- a/engine/server/sv_save.c
+++ b/engine/server/sv_save.c
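Review bot: In the sv_game.c hunk, `sizeof( curtrack )` and `sizeof( looptrack )` give the buffer capacity only while both are declared as arrays inside SV_RestartAmbientSounds; their declarations sit above the hunk and are not visible here. If either ever becomes a pointer, the call still compiles and passes the pointer size, which would silently cut the track names to a few bytes. A comment at the declarations, `// must stay arrays: sizeof() of these is passed as the copy limit`, keeps that dependency visible. The same applies to `header.introTrack` and `header.mainTrack` in the sv_save.c hunk.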
@@ -1202,7 +1202,7 @@ static void SaveClientState( SAVERESTOREDATA *pSaveData, const char *level, int
 header.soundCount = S_GetCurrentDynamicSounds( soundInfo, MAX_CHANNELS );
 #if !XASH_DEDICATED
 // music not reqiured to save position: it's just continue playing on a next level
- S_StreamGetCurrentState( header.introTrack, header.mainTrack, &header.trackPosition );
+ S_StreamGetCurrentState( header.introTrack, sizeof( header.introTrack ), header.mainTrack, sizeof( header.mainTrack ), &header.trackPosition );
 #endif
 }
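Review bot: The return value of S_StreamGetCurrentState is still discarded at this call, and the function returns false before writing any output when no stream is active (the `if( !s_bgTrack.stream ) return false;` guard in s_stream.c). In that case `header.introTrack`, `header.mainTrack` and `header.trackPosition` keep whatever they held, so unless `header` is cleared earlier in SaveClientState (outside the hunk), stale or uninitialised bytes could end up in the save file. If it is not cleared, handle the false case explicitly, e.g. `if( !S_StreamGetCurrentState( ... )) { header.introTrack[0] = header.mainTrack[0] = '\0'; header.trackPosition = 0; }`.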