ref: 54fb12eeaa7d527defbe65e7e00e37d5feb7c597
parent: f1a8d991aa8a14afcb605cf2f65cd15fda204c56
author: Fabian Greffrath <[email protected]>
date: Wed Jun 24 08:49:14 EDT 2020
net: fix missing client-side ticdup validation The client does not validate settings coming from the server. The ticdup value is used as a divider in arithmetic operations. If the server sends this value equal to zero, the client will crash with a Floating Pointer Exception. Found by Michał Dardas from LogicalTrust. Fixes: #1292.
--- a/src/d_loop.c
+++ b/src/d_loop.c
@@ -413,6 +413,11 @@
ticdup = settings->ticdup;
new_sync = settings->new_sync;
+ if (ticdup < 1)
+ {
+ I_Error("D_StartNetGame: invalid ticdup value (%d)", ticdup);
+ }
+
// TODO: Message disabled until we fix new_sync.
//if (!new_sync)
//{