When running a q3ut3 server, it will crash if invalid arguments are passed to addbot. However, this does not appear to be reproducible with a baseq3 server and a Sarge bot.
Server invocation:
gdb /usr/local/games/quake3/debug-ioq3ded.i386
(gdb) run +set fs_game q3ut3 +map ut_algiers
Example:
(Server console) addbot Puma 43432 fsdf sf 3 423r se
Com_sprintf: overflow of 2 in 2
Program received signal SIGSEGV, Segmentation fault.
0xa7ed85f9 in strncpy () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xa7ed85f9 in strncpy () from /lib/tls/i686/cmov/libc.so.6
#1 0x080527e9 in SV_GameSystemCalls (args=0xa0eb0678) at code/server/sv_game.c:822
#2 0x080c6a71 in callAsmCall () at code/qcommon/vm_x86.c:195
#3 0x080c6ac0 in systemCall () at code/qcommon/vm_x86.c:204
#4 0x08082a45 in VM_Call (vm=0x8262b80, callnum=9) at code/qcommon/vm.c:747
#5 0x08052cb9 in SV_GameCommand () at code/server/sv_game.c:971
#6 0x08066e33 in Cmd_ExecuteString (
text=0xafb0b084 "addbot Puma 43432 fsdf sf 3 423r se") at code/qcommon/cmd.c:679
#7 0x08066708 in Cbuf_Execute () at code/qcommon/cmd.c:220
#8 0x0806ab3c in Com_Frame () at code/qcommon/common.c:2738
#9 0x080c5224 in main (argc=6, argv=0xafb0c5c4) at code/unix/unix_main.c:1418
(gdb) quit
Yes, it does happen with idQ3 1.32b as well.
I suspected that it's a bug in the UrT code. If that's the case, and a workaround in ioQ3 wouldn't be appropriate, then go ahead and close this bug. Sorry about that.
It would be possible to introduce a guard on the strncpy calls, but this introduces unnecessary expense on an often called function and causes undefined behaviour instead of a (correct) crash.
There is already some code in the OpenAL implementation to deal with some similarly bad use of the sound API. I'd rather keep these sorts of things to a minimum.
I suggest you go and beat the UrT developers with one or more well-sharpened clue sticks; this is really a schoolboy error.
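For reference, the kind of guard on a strncpy system call discussed in the comment above, as an added example that is not ioquake3 code and not part of the original thread. It assumes a hypothetical sandbox in which the game module passes 32-bit offsets into a single data segment; `guest_vm`, `guest_range` and `sys_strncpy` are illustrative names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical sandbox: the game module sees one flat data segment and
 * passes 32-bit offsets into it as syscall arguments. */
typedef struct {
    uint8_t *data;   /* host address of the module's data segment */
    uint32_t size;   /* segment size in bytes */
} guest_vm;

/* Map guest range [off, off+len) to a host pointer, or NULL if any part
 * lies outside the segment. Written so off+len cannot wrap around. */
static void *guest_range(const guest_vm *vm, uint32_t off, uint32_t len)
{
    if (off > vm->size || len > vm->size - off)
        return NULL;
    return vm->data + off;
}

/* Guarded strncpy trap: 0 on success, -1 if the arguments are rejected. */
int sys_strncpy(guest_vm *vm, uint32_t dst, uint32_t src, uint32_t n)
{
    char *d = guest_range(vm, dst, n);
    if (d == NULL || src >= vm->size)
        return -1;

    /* strncpy reads src until a NUL or n bytes, whichever comes first,
     * so the source is valid if that read stays inside the segment. */
    const char *s = (const char *)vm->data + src;
    uint32_t avail = vm->size - src;
    uint32_t lim = avail < n ? avail : n;
    const char *nul = memchr(s, '\0', lim);
    if (nul == NULL && lim < n)
        return -1;   /* unterminated string runs off the segment end */

    /* Bytes actually read from src; strncpy is undefined on overlap. */
    uint32_t rd = nul ? (uint32_t)(nul - s) + 1 : n;
    if (dst < src + rd && src < dst + n)
        return -1;

    strncpy(d, s, n);
    return 0;
}
```

Every call pays for two range checks, a `memchr` scan of the source and an overlap test before the copy runs, and the caller still has to decide what a rejected call means for the module.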
Setting a QA contact on all ioquake3 bugs, even resolved ones. Sorry if you get a flood of email from this, it should only happen once. Apologies for the inconvenience.
--ryan.