
Buffer overflow in CHudMessage::MessageDrawScan

Open tmp64 opened this issue 2 years ago • 1 comments

CHudMessage::MessageDrawScan doesn't check the length of the line when filling the line buffer.

https://github.com/ValveSoftware/halflife/blob/c7240b965743a53a29491dd49320c88eecf6257b/cl_dll/message.cpp#L286-L297

The recent compiler update enabled security checks so a text line longer than 79 characters will cause all Windows clients to crash (tmp64/BugfixedHL-Rebased#195).

This bug only affects HL, DMC, Ricochet, Opposing Force and TFC. It was fixed in CS1.6, CSCZ, Blue Shift and DOD.

tmp64 avatar Dec 12 '23 02:12 tmp64
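One way to bound the line fill described in the report, shown next to the unchecked pattern. This is an added example, not code from the halflife repository or from the games where the bug was fixed. The function names, the 80-byte buffer size (inferred from the 79-character threshold in the report), and the choice to truncate over-long lines are assumptions.

```cpp
#include <cstddef>
#include <cstdio>

// Assumed: 80 bytes, i.e. 79 characters plus the terminator (see the report).
constexpr std::size_t kLineCap = 80;

// Unchecked pattern (hypothetical reconstruction): copies until newline or NUL.
std::size_t fill_line_unchecked(const char *text, char *line)
{
    std::size_t n = 0;
    while (text[n] != '\0' && text[n] != '\n') {
        line[n] = text[n];  // writes past the end of line[] on a long line
        ++n;
    }
    line[n] = '\0';
    return n;
}

// Bounded form: stores at most cap-1 characters, always terminates, and still
// consumes the whole source line so the next call starts on the next line.
std::size_t fill_line_bounded(const char *text, char *line, std::size_t cap,
                              std::size_t *consumed)
{
    std::size_t src = 0, dst = 0;
    if (cap == 0) { *consumed = 0; return 0; }
    while (text[src] != '\0' && text[src] != '\n') {
        if (dst + 1 < cap)
            line[dst++] = text[src];  // characters beyond the cap are dropped
        ++src;
    }
    line[dst] = '\0';
    if (text[src] == '\n')
        ++src;                        // step over the newline
    *consumed = src;
    return dst;
}

int main()
{
    // Constructed input: a 100-character line followed by a short one.
    char msg[128];
    for (int i = 0; i < 100; ++i) msg[i] = 'A';
    msg[100] = '\n'; msg[101] = 'o'; msg[102] = 'k'; msg[103] = '\0';
    char line[kLineCap];
    std::size_t used = 0;
    std::size_t n = fill_line_bounded(msg, line, sizeof line, &used);
    std::printf("stored=%zu consumed=%zu\n", n, used);
    return 0;
}
```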

Seems to happen on the AG.DLL but less aggressively than bugfixedHL.DLL. Be nice to get this fixed for Half-Life.

stylez1989 avatar Dec 15 '23 13:12 stylez1989