Thread: Open Source Half-Life Engine
PRoSToTeM@
07-10-2017, 19:30 Re: Open Source Half-Life Engine #72
The bug with %s0 is located in CLocalizedStringTable::ConstructString. It checks that X in "%sX" is less than or equal to numFormatParameters, but doesn't check that X > 0.
When there is no "%sX" (but just "%s" or something else) in the message, the client uses snwprintf. But snwprintf doesn't support an argument count check like ConstructString does, so snwprintf can get garbage from the stack and crash the client. So a custom snwprintf implementation with argument count checking should be used (they can copy the code from CLocalizedStringTable::ConstructString and change the part that handles positional %s).
Last edited by PRoSToTeM@; 07-10-2017 at 20:06.
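A sketch of the argument-count check the post asks for, added here as an example; it is not the engine's code and not the poster's. The function name `construct_string_checked`, its signature, the use of narrow `char` instead of wide characters, and the policy of copying a rejected specifier through as literal text are all assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical narrow-char stand-in for a ConstructString-style formatter.
 * Expands "%sN" (1-based positional) and bare "%s" (next sequential
 * argument) from an explicit array, so no specifier can read past the
 * arguments actually supplied. Returns the number of rejected specifiers. */
int construct_string_checked(char *out, size_t out_size, const char *fmt,
                             const char *const *params, int num_params)
{
    size_t len = 0;
    int next_seq = 0, rejected = 0;

    if (out_size == 0)
        return -1;
    while (*fmt != '\0') {
        const char *lit = fmt;      /* text copied verbatim by default */
        const char *src = NULL;     /* parameter to substitute, if any */
        size_t n = 1;

        if (fmt[0] == '%' && fmt[1] == 's') {
            const char *p = fmt + 2;
            long long index = 0;
            int has_digits = 0;
            for (; *p >= '0' && *p <= '9'; p++, has_digits = 1)
                if (index <= num_params)        /* saturate, no overflow */
                    index = index * 10 + (*p - '0');
            if (!has_digits)
                index = ++next_seq;             /* bare %s: sequential */
            /* Both bounds: index > 0 rejects "%s0", the upper bound
             * rejects specifiers with no matching argument. */
            if (index > 0 && index <= num_params)
                src = params[index - 1];
            else
                rejected++;
            n = (size_t)(p - fmt);
            fmt = p;
        } else {
            fmt++;
        }
        if (src != NULL) { lit = src; n = strlen(src); }
        if (n > out_size - 1 - len)             /* truncate to fit */
            n = out_size - 1 - len;
        memcpy(out + len, lit, n);
        len += n;
    }
    out[len] = '\0';
    return rejected;
}
```

A nonzero return value tells the caller the message contained specifiers it had no arguments for, which is worth logging when the format string comes from the network.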