ref: ad2635d480c70322577fd80665e58080138b1ead
parent: 16480f3c04c72437f81e807ab14d4c41119137ef
author: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se>
date: Sat Oct 14 17:12:26 EDT 2023
don't out-of-bounds access type_size
--- a/pr_edict.c
+++ b/pr_edict.c
@@ -504,8 +504,8 @@
v = (int *)((char *)&ed->v + d->ofs*4);
// if the value is still all 0, skip the field
- type = d->type & ~DEF_SAVEGLOBAL;
-
+ if((type = d->type & ~DEF_SAVEGLOBAL) >= nelem(type_size))
+ continue;
for (j=0 ; j<type_size[type] ; j++)
if (v[j])
break;
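Review bot: The added `if` bounds `type`, but `v` on the line above it is still computed from `d->ofs*4` with no range check, so the `v[j]` reads in the loop can run past the entity's field area if `d->ofs` comes from a malformed progs file. Unless field offsets are already validated at load time (not visible in this hunk), I would add a matching check before the loop, e.g. `if(d->ofs + type_size[type] > <entity field count in ints>) continue;`, with the placeholder replaced by whatever this file uses for the field-area size. The guard also appears to rely on `nelem()` yielding an unsigned value so that a negative `type` would be rejected; if `type` is a signed int, a one-line comment such as `// nelem() is unsigned, so a negative type is rejected too` would make that explicit. The enclosing function begins and ends outside this hunk.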
@@ -1064,8 +1064,6 @@
Cvar_RegisterVariable (&saved4);
Cvar_RegisterVariable (&pr_checkextension);
}
-
-
edict_t *EDICT_NUM(int n)
{