
ref: fix out of bound access when the entity is marked as player but has invalid number

This can happen when client.dll passes a self-allocated entity and asks for it to be drawn as a player, but never initializes the entity number or sets it to a valid player slot.
Alibek Omarov 2024-11-07 07:18:12 +03:00
parent 6a2a2c33ee
commit 8bebf698ef
2 changed files with 21 additions and 11 deletions


@ -2653,8 +2653,11 @@ R_StudioSetupPlayerModel
*/ */
static model_t *R_StudioSetupPlayerModel( int index ) static model_t *R_StudioSetupPlayerModel( int index )
{ {
player_info_t *info = gEngfuncs.pfnPlayerInfo( index ); player_info_t *info = gEngfuncs.pfnPlayerInfo( index );
player_model_t *state; player_model_t *state;
if( index < 0 || index >= gp_cl->maxclients )
return NULL;
state = &g_studio.player_models[index]; state = &g_studio.player_models[index];
@ -2670,7 +2673,8 @@ static model_t *R_StudioSetupPlayerModel( int index )
if( gEngfuncs.fsapi->FileExists( state->modelname, false )) if( gEngfuncs.fsapi->FileExists( state->modelname, false ))
state->model = gEngfuncs.Mod_ForName( state->modelname, false, true ); state->model = gEngfuncs.Mod_ForName( state->modelname, false, true );
else state->model = NULL; else
state->model = NULL;
if( !state->model ) if( !state->model )
state->model = RI.currententity->model; state->model = RI.currententity->model;
@ -2695,18 +2699,20 @@ check for texture flags
*/ */
int R_GetEntityRenderMode( cl_entity_t *ent ) int R_GetEntityRenderMode( cl_entity_t *ent )
{ {
int i, opaque, trans; int i, opaque, trans;
mstudiotexture_t *ptexture; mstudiotexture_t *ptexture;
cl_entity_t *oldent; cl_entity_t *oldent;
model_t *model; model_t *model = NULL;
studiohdr_t *phdr; studiohdr_t *phdr;
oldent = RI.currententity; oldent = RI.currententity;
RI.currententity = ent; RI.currententity = ent;
if( ent->player ) // check it for real playermodel if( ent->player ) // check it for real playermodel
model = R_StudioSetupPlayerModel( ent->curstate.number - 1 ); model = R_StudioSetupPlayerModel( ent->curstate.number - 1 );
else model = ent->model;
if( !model )
model = ent->model;
RI.currententity = oldent; RI.currententity = oldent;
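Review bot: The new guard `if( index < 0 || index >= gp_cl->maxclients )` in R_StudioSetupPlayerModel is placed after `gEngfuncs.pfnPlayerInfo( index )` has already been called with the unchecked index, so a negative or oversized `number - 1` still reaches that callback before the check; whether the callback range-checks its own argument is not visible here. Declare `info` without an initializer, put the guard first, and only then do `info = gEngfuncs.pfnPlayerInfo( index );`. The guard also only protects `g_studio.player_models[index]` if that array has at least `gp_cl->maxclients` entries — if that relation is not enforced where the array is declared, add a compile-time check there or a `// assumes player_models[] holds >= maxclients entries` comment next to the guard. R_StudioSetupPlayerModel continues past the end of the first hunk, and the later hunks in this section only change the fallback to `ent->model`.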


@ -2353,6 +2353,9 @@ static model_t *R_StudioSetupPlayerModel( int index )
player_info_t *info = gEngfuncs.pfnPlayerInfo( index ); player_info_t *info = gEngfuncs.pfnPlayerInfo( index );
player_model_t *state; player_model_t *state;
if( index < 0 || index >= gp_cl->maxclients )
return NULL;
state = &g_studio.player_models[index]; state = &g_studio.player_models[index];
// g-cont: force for "dev-mode", non-local games and menu preview // g-cont: force for "dev-mode", non-local games and menu preview
@ -2396,7 +2399,7 @@ int R_GetEntityRenderMode( cl_entity_t *ent )
int i, opaque, trans; int i, opaque, trans;
mstudiotexture_t *ptexture; mstudiotexture_t *ptexture;
cl_entity_t *oldent; cl_entity_t *oldent;
model_t *model; model_t *model = NULL;
studiohdr_t *phdr; studiohdr_t *phdr;
oldent = RI.currententity; oldent = RI.currententity;
@ -2404,7 +2407,8 @@ int R_GetEntityRenderMode( cl_entity_t *ent )
if( ent->player ) // check it for real playermodel if( ent->player ) // check it for real playermodel
model = R_StudioSetupPlayerModel( ent->curstate.number - 1 ); model = R_StudioSetupPlayerModel( ent->curstate.number - 1 );
else
if( !model )
model = ent->model; model = ent->model;
RI.currententity = oldent; RI.currententity = oldent;
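Review bot: Same ordering issue as in the other renderer: the added `if( index < 0 || index >= gp_cl->maxclients ) return NULL;` comes after `gEngfuncs.pfnPlayerInfo( index )` has been invoked with the unvalidated index, so the check should precede that call (`player_info_t *info;` then the guard, then `info = gEngfuncs.pfnPlayerInfo( index );`). The two copies of this fix should stay in lockstep, since a later change to one renderer's guard that is not mirrored in the other reopens the out-of-bounds read. In R_GetEntityRenderMode the new `if( !model ) model = ent->model;` now silently applies to a rejected player slot as well as to a non-player entity; a short `// invalid player slot or non-player: use the entity's own model` comment would make that intentional fallback visible. R_GetEntityRenderMode continues past the end of the last hunk.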