From 6a819c8683a1d26e82efdd142acca9a367462637 Mon Sep 17 00:00:00 2001 From: WPMGPRoSToTeMa Date: Thu, 16 Jul 2015 04:43:03 +0300 Subject: [PATCH 1/2] Fixed MAX_FRAGMENTS count --- rehlds/engine/net.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rehlds/engine/net.h b/rehlds/engine/net.h index b0d45e1..e5757bc 100644 --- a/rehlds/engine/net.h +++ b/rehlds/engine/net.h @@ -250,7 +250,7 @@ typedef struct flow_s #ifndef REHLDS_FIXES #define MAX_FRAGMENTS 25000 #else -#define MAX_FRAGMENTS ((NET_MAX_PAYLOAD + FRAGMENT_SIZE - 1) / FRAGMENT_SIZE) // should be enough for any send buf +#define MAX_FRAGMENTS (NET_MAX_PAYLOAD / FRAGMENT_SIZE) // should be enough for any send buf #endif #define UDP_HEADER_SIZE 28 From a3b651e54b2f0fcb40bd7a787f6071ebe5c6effd Mon Sep 17 00:00:00 2001 From: WPMGPRoSToTeMa Date: Thu, 16 Jul 2015 09:56:19 +0300 Subject: [PATCH 2/2] Added overflow checks in Netchan_CopyNormalFragments --- rehlds/engine/net_chan.cpp | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/rehlds/engine/net_chan.cpp b/rehlds/engine/net_chan.cpp index 4ea9cb7..6c84a4c 100644 --- a/rehlds/engine/net_chan.cpp +++ b/rehlds/engine/net_chan.cpp @@ -1399,16 +1399,41 @@ qboolean Netchan_CopyNormalFragments(netchan_t *chan) SZ_Clear(&net_message); MSG_BeginReading(); +#ifdef REHLDS_FIXES + bool overflowed = false; +#endif // REHLDS_FIXES + while (p) { n = p->next; +#ifdef REHLDS_FIXES + if (net_message.cursize + p->frag_message.cursize <= net_message.maxsize) + SZ_Write(&net_message, p->frag_message.data, p->frag_message.cursize); + else + overflowed = true; +#else // REHLDS_FIXES SZ_Write(&net_message, p->frag_message.data, p->frag_message.cursize); +#endif // REHLDS_FIXES Mem_Free(p); p = n; } +#ifdef REHLDS_FIXES + if (overflowed) + { + Con_Printf("Netchan_CopyNormalFragments: Overflowed\n"); + + SZ_Clear(&net_message); + + chan->incomingbufs[FRAG_NORMAL_STREAM] = NULL; + chan->incomingready[FRAG_NORMAL_STREAM] = false; + + return FALSE; + } +#endif // REHLDS_FIXES + if (*(uint32 *)net_message.data == MAKEID('B', 'Z', '2', '\0')) { char uncompressed[65536];