MGislv
/
Quake3e
1
0
Fork 0
Code Releases Activity

Fixed potential out-of-bounds access caused by large s_paintedtime

This commit is contained in:
Eugene 2021-12-11 18:07:50 +02:00
parent 776cbaf7aa
commit 73c99cdca4
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
code/client/snd_local.h
View File

@ -63,8 +63,8 @@ typedef struct sfx_s {
} sfx_t;
typedef struct {
int channels;
int samples; // mono samples in buffer
unsigned int channels;
unsigned int samples; // mono samples in buffer
int fullsamples; // samples with all channels in buffer (samples divided by channels)
int submission_chunk; // don't mix less than this #
int samplebits;

4
code/client/snd_mix.c
View File

@ -344,7 +344,7 @@ static void S_TransferPaintBuffer( int endtime, byte *buffer )
p = (int *) paintbuffer;
count = (endtime - s_paintedtime) * dma.channels;
out_mask = dma.samples - 1;
out_idx = s_paintedtime * dma.channels & out_mask;
out_idx = ( s_paintedtime * dma.channels ) & out_mask;
step = 3 - dma.channels;
if ( dma.samplebits == 32 && dma.isfloat )
@ -397,7 +397,7 @@ static void S_TransferPaintBuffer( int endtime, byte *buffer )
if ( CL_VideoRecording() ) {
//count = (endtime - s_paintedtime) * dma.channels;
count = (clc.aviFrameEndTime - s_paintedtime) * dma.channels;
out_idx = s_paintedtime * dma.channels % dma.samples;
out_idx = ( s_paintedtime * dma.channels ) % dma.samples;
while ( count > 0 ) {
int n = count;
if ( n + out_idx > dma.samples )