2644 – Minor buffer overflow in renderer

Bug 2644 - Minor buffer overflow in renderer

Status:	RESOLVED FIXED

Alias:	None

Product:	ioquake3
Classification:	Unclassified
Component:	Misc
Version:	1.33 SVN
Hardware:	All All

Importance:	P2 normal
Assignee:	Zachary J. Slater
QA Contact:	ioquake3 bugzilla mailing list

URL:

Depends on:
Blocks:

Reported:	2006-04-09 10:27 EDT by Thilo Schulz
Modified:	2007-05-21 11:25:24 EDT
CC List:	1 user (show)

See Also:

Description Thilo Schulz 2006-04-09 10:27:44 EDT

A buffer in tr_shade_calc.c is one byte too small.

In function RB_CalcColorFromOneMinusEntity line 622:

unsigned char invModulate[3];
must be:
unsigned char invModulate[4];

invModulate[3] gets written to in that same function, so 4 byte size is necessary.

Of course, in reality this will have likely zero impact on operations, still this should be fixed. MSVC debugger cried out loudly about a corrupted stack.

Comment 1 Ryan C. Gordon 2007-05-21 11:25:24 EDT

Setting a QA contact on all ioquake3 bugs, even resolved ones. Sorry if you get a flood of email from this, it should only happen once. Apologies for the incovenience.

--ryan.

Top of page