[iortcw] 03/09: New upstream release
Simon McVittie
smcv at debian.org
Fri Sep 8 10:35:27 UTC 2017
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch debian/master
in repository iortcw.
commit ee20a4105e38c487a5f7c840334fe064df2d80e5
Author: Simon McVittie <smcv at debian.org>
Date: Thu Aug 31 23:10:19 2017 +0100
New upstream release
- Drop patch from previous version, now upstream
---
debian/changelog | 7 +
...buffer-overflow-in-MSG_ReadBits-MSG_Write.patch | 623 ---------------------
debian/patches/series | 1 -
debian/rules | 2 +-
4 files changed, 8 insertions(+), 625 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index f4951d4..95e9b5c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+iortcw (1.51b+dfsg1-1) UNRELEASED; urgency=medium
+
+ * New upstream release
+ - Drop patch from previous version, now upstream
+
+ -- Simon McVittie <smcv at debian.org> Thu, 31 Aug 2017 23:09:20 +0100
+
iortcw (1.51+dfsg1-3) unstable; urgency=medium
* d/p/1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch:
diff --git a/debian/patches/1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch b/debian/patches/1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch
deleted file mode 100644
index 1b6cb1c..0000000
--- a/debian/patches/1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch
+++ /dev/null
@@ -1,623 +0,0 @@
-From: MAN-AT-ARMS <M4N4T4RMS at gmail.com>
-Date: Thu, 3 Aug 2017 00:06:37 -0400
-Subject: All: Fix/improve buffer overflow in MSG_ReadBits/MSG_WriteBits
-
----
- MP/code/qcommon/huffman.c | 49 ++++++++++++++++++++---------------
- MP/code/qcommon/msg.c | 45 +++++++++++++++++++++++++-------
- MP/code/qcommon/qcommon.h | 6 ++---
- SP/code/qcommon/huffman.c | 49 ++++++++++++++++++++---------------
- SP/code/qcommon/msg.c | 65 ++++++++++++++++++++++++++++++++++-------------
- SP/code/qcommon/qcommon.h | 6 ++---
- 6 files changed, 145 insertions(+), 75 deletions(-)
-
-diff --git a/MP/code/qcommon/huffman.c b/MP/code/qcommon/huffman.c
-index 00b007e..88b972c 100644
---- a/MP/code/qcommon/huffman.c
-+++ b/MP/code/qcommon/huffman.c
-@@ -36,7 +36,7 @@ If you have questions concerning this license or the applicable additional terms
-
- static int bloc = 0;
-
--void Huff_putBit( int bit, byte *fout, int *offset ) {
-+void Huff_putBit( int bit, byte *fout, int *offset ) {
- bloc = *offset;
- if ( ( bloc & 7 ) == 0 ) {
- fout[( bloc >> 3 )] = 0;
-@@ -46,17 +46,15 @@ void Huff_putBit( int bit, byte *fout, int *offset ) {
- *offset = bloc;
- }
-
--int Huff_getBloc(void)
--{
-+int Huff_getBloc( void ) {
- return bloc;
- }
-
--void Huff_setBloc(int _bloc)
--{
-+void Huff_setBloc( int _bloc ) {
- bloc = _bloc;
- }
-
--int Huff_getBit( byte *fin, int *offset ) {
-+int Huff_getBit( byte *fin, int *offset ) {
- int t;
- bloc = *offset;
- t = ( fin[( bloc >> 3 )] >> ( bloc & 7 ) ) & 0x1;
-@@ -286,9 +284,14 @@ int Huff_Receive( node_t *node, int *ch, byte *fin ) {
- }
-
- /* Get a symbol */
--void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset ) {
-+void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset, int maxoffset ) {
- bloc = *offset;
- while ( node && node->symbol == INTERNAL_NODE ) {
-+ if ( bloc >= maxoffset ) {
-+ *ch = 0;
-+ *offset = maxoffset + 1;
-+ return;
-+ }
- if ( get_bit( fin ) ) {
- node = node->right;
- } else {
-@@ -305,11 +308,15 @@ void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset ) {
- }
-
- /* Send the prefix code for this node */
--static void send( node_t *node, node_t *child, byte *fout ) {
-+static void send( node_t *node, node_t *child, byte *fout, int maxoffset ) {
- if ( node->parent ) {
-- send( node->parent, node, fout );
-+ send( node->parent, node, fout, maxoffset );
- }
- if ( child ) {
-+ if ( bloc >= maxoffset ) {
-+ bloc = maxoffset + 1;
-+ return;
-+ }
- if ( node->right == child ) {
- add_bit( 1, fout );
- } else {
-@@ -319,22 +326,22 @@ static void send( node_t *node, node_t *child, byte *fout ) {
- }
-
- /* Send a symbol */
--void Huff_transmit( huff_t *huff, int ch, byte *fout ) {
-+void Huff_transmit( huff_t *huff, int ch, byte *fout, int maxoffset ) {
- int i;
- if ( huff->loc[ch] == NULL ) {
- /* node_t hasn't been transmitted, send a NYT, then the symbol */
-- Huff_transmit( huff, NYT, fout );
-+ Huff_transmit( huff, NYT, fout, maxoffset );
- for ( i = 7; i >= 0; i-- ) {
- add_bit( (char)( ( ch >> i ) & 0x1 ), fout );
- }
- } else {
-- send( huff->loc[ch], NULL, fout );
-+ send( huff->loc[ch], NULL, fout, maxoffset );
- }
- }
-
--void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset ) {
-+void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset, int maxoffset ) {
- bloc = *offset;
-- send( huff->loc[ch], NULL, fout );
-+ send( huff->loc[ch], NULL, fout, maxoffset );
- *offset = bloc;
- }
-
-@@ -374,17 +381,17 @@ void Huff_Decompress( msg_t *mbuf, int offset ) {
- seq[j] = 0;
- break;
- }
-- Huff_Receive( huff.tree, &ch, buffer ); /* Get a character */
-- if ( ch == NYT ) { /* We got a NYT, get the symbol associated with it */
-+ Huff_Receive( huff.tree, &ch, buffer ); /* Get a character */
-+ if ( ch == NYT ) { /* We got a NYT, get the symbol associated with it */
- ch = 0;
- for ( i = 0; i < 8; i++ ) {
- ch = ( ch << 1 ) + get_bit( buffer );
- }
- }
-
-- seq[j] = ch; /* Write symbol */
-+ seq[j] = ch; /* Write symbol */
-
-- Huff_addRef( &huff, (byte)ch ); /* Increment node */
-+ Huff_addRef( &huff, (byte)ch ); /* Increment node */
- }
- mbuf->cursize = cch + offset;
- Com_Memcpy( mbuf->data + offset, seq, cch );
-@@ -420,11 +427,11 @@ void Huff_Compress( msg_t *mbuf, int offset ) {
-
- for ( i = 0; i < size; i++ ) {
- ch = buffer[i];
-- Huff_transmit( &huff, ch, seq ); /* Transmit symbol */
-- Huff_addRef( &huff, (byte)ch ); /* Do update */
-+ Huff_transmit( &huff, ch, seq, size << 3 ); /* Transmit symbol */
-+ Huff_addRef( &huff, (byte)ch ); /* Do update */
- }
-
-- bloc += 8; // next byte
-+ bloc += 8; // next byte
-
- mbuf->cursize = ( bloc >> 3 ) + offset;
- Com_Memcpy( mbuf->data + offset, seq, ( bloc >> 3 ) );
-diff --git a/MP/code/qcommon/msg.c b/MP/code/qcommon/msg.c
-index 56ef5fc..e8a5e7e 100644
---- a/MP/code/qcommon/msg.c
-+++ b/MP/code/qcommon/msg.c
-@@ -114,9 +114,7 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
-
- msg->uncompsize += bits; // NERVE - SMF - net debugging
-
-- // this isn't an exact overflow check, but close enough
-- if ( msg->maxsize - msg->cursize < 4 ) {
-- msg->overflowed = qtrue;
-+ if ( msg->overflowed ) {
- return;
- }
-
-@@ -128,6 +126,11 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
- bits = -bits;
- }
- if ( msg->oob ) {
-+ if ( msg->cursize + ( bits >> 3 ) > msg->maxsize ) {
-+ msg->overflowed = qtrue;
-+ return;
-+ }
-+
- if ( bits == 8 ) {
- msg->data[msg->cursize] = value;
- msg->cursize += 1;
-@@ -150,6 +153,10 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
- if ( bits & 7 ) {
- int nbits;
- nbits = bits & 7;
-+ if ( msg->bit + nbits > msg->maxsize << 3 ) {
-+ msg->overflowed = qtrue;
-+ return;
-+ }
- for ( i = 0; i < nbits; i++ ) {
- Huff_putBit( ( value & 1 ), msg->data, &msg->bit );
- value = ( value >> 1 );
-@@ -158,8 +165,13 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
- }
- if ( bits ) {
- for ( i = 0; i < bits; i += 8 ) {
-- Huff_offsetTransmit( &msgHuff.compressor, ( value & 0xff ), msg->data, &msg->bit );
-+ Huff_offsetTransmit( &msgHuff.compressor, ( value & 0xff ), msg->data, &msg->bit, msg->maxsize << 3 );
- value = ( value >> 8 );
-+
-+ if ( msg->bit > msg->maxsize << 3 ) {
-+ msg->overflowed = qtrue;
-+ return;
-+ }
- }
- }
- msg->cursize = ( msg->bit >> 3 ) + 1;
-@@ -173,6 +185,10 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- int i, nbits;
- // FILE* fp;
-
-+ if ( msg->readcount > msg->cursize ) {
-+ return 0;
-+ }
-+
- value = 0;
-
- if ( bits < 0 ) {
-@@ -183,6 +199,11 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- }
-
- if ( msg->oob ) {
-+ if ( msg->readcount + ( bits >> 3 ) > msg->cursize ) {
-+ msg->readcount = msg->cursize + 1;
-+ return 0;
-+ }
-+
- if ( bits == 8 ) {
- value = msg->data[msg->readcount];
- msg->readcount += 1;
-@@ -205,6 +226,10 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- nbits = 0;
- if ( bits & 7 ) {
- nbits = bits & 7;
-+ if ( msg->bit + nbits > msg->cursize << 3 ) {
-+ msg->readcount = msg->cursize + 1;
-+ return 0;
-+ }
- for ( i = 0; i < nbits; i++ ) {
- value |= ( Huff_getBit( msg->data, &msg->bit ) << i );
- }
-@@ -213,9 +238,14 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- if ( bits ) {
- // fp = fopen("c:\\netchan.bin", "a");
- for ( i = 0; i < bits; i += 8 ) {
-- Huff_offsetReceive( msgHuff.decompressor.tree, &get, msg->data, &msg->bit );
-+ Huff_offsetReceive( msgHuff.decompressor.tree, &get, msg->data, &msg->bit, msg->cursize << 3 );
- // fwrite(&get, 1, 1, fp);
- value |= ( get << ( i + nbits ) );
-+
-+ if ( msg->bit > msg->cursize << 3 ) {
-+ msg->readcount = msg->cursize + 1;
-+ return 0;
-+ }
- }
- // fclose(fp);
- }
-@@ -280,8 +310,8 @@ void MSG_WriteLong( msg_t *sb, int c ) {
- }
-
- void MSG_WriteFloat( msg_t *sb, float f ) {
--
- floatint_t dat;
-+
- dat.f = f;
- MSG_WriteBits( sb, dat.i, 32 );
- }
-@@ -409,7 +439,6 @@ int MSG_ReadLong( msg_t *msg ) {
- }
-
- float MSG_ReadFloat( msg_t *msg ) {
--
- floatint_t dat;
-
- dat.i = MSG_ReadBits( msg, 32 );
-@@ -462,7 +491,6 @@ char *MSG_ReadBigString( msg_t *msg ) {
- if ( c == '%' ) {
- c = '.';
- }
--
- // don't allow higher ascii values
- if ( c > 127 ) {
- c = '.';
-@@ -491,7 +519,6 @@ char *MSG_ReadStringLine( msg_t *msg ) {
- if ( c == '%' ) {
- c = '.';
- }
--
- // don't allow higher ascii values
- if ( c > 127 ) {
- c = '.';
-diff --git a/MP/code/qcommon/qcommon.h b/MP/code/qcommon/qcommon.h
-index 699ed5f..a8aea46 100644
---- a/MP/code/qcommon/qcommon.h
-+++ b/MP/code/qcommon/qcommon.h
-@@ -1329,9 +1329,9 @@ void Huff_Decompress( msg_t *buf, int offset );
- void Huff_Init( huffman_t *huff );
- void Huff_addRef( huff_t* huff, byte ch );
- int Huff_Receive( node_t *node, int *ch, byte *fin );
--void Huff_transmit( huff_t *huff, int ch, byte *fout );
--void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset );
--void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset );
-+void Huff_transmit( huff_t *huff, int ch, byte *fout, int maxoffset );
-+void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset, int maxoffset );
-+void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset, int maxoffset );
- void Huff_putBit( int bit, byte *fout, int *offset );
- int Huff_getBit( byte *fout, int *offset );
-
-diff --git a/SP/code/qcommon/huffman.c b/SP/code/qcommon/huffman.c
-index 00b007e..88b972c 100644
---- a/SP/code/qcommon/huffman.c
-+++ b/SP/code/qcommon/huffman.c
-@@ -36,7 +36,7 @@ If you have questions concerning this license or the applicable additional terms
-
- static int bloc = 0;
-
--void Huff_putBit( int bit, byte *fout, int *offset ) {
-+void Huff_putBit( int bit, byte *fout, int *offset ) {
- bloc = *offset;
- if ( ( bloc & 7 ) == 0 ) {
- fout[( bloc >> 3 )] = 0;
-@@ -46,17 +46,15 @@ void Huff_putBit( int bit, byte *fout, int *offset ) {
- *offset = bloc;
- }
-
--int Huff_getBloc(void)
--{
-+int Huff_getBloc( void ) {
- return bloc;
- }
-
--void Huff_setBloc(int _bloc)
--{
-+void Huff_setBloc( int _bloc ) {
- bloc = _bloc;
- }
-
--int Huff_getBit( byte *fin, int *offset ) {
-+int Huff_getBit( byte *fin, int *offset ) {
- int t;
- bloc = *offset;
- t = ( fin[( bloc >> 3 )] >> ( bloc & 7 ) ) & 0x1;
-@@ -286,9 +284,14 @@ int Huff_Receive( node_t *node, int *ch, byte *fin ) {
- }
-
- /* Get a symbol */
--void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset ) {
-+void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset, int maxoffset ) {
- bloc = *offset;
- while ( node && node->symbol == INTERNAL_NODE ) {
-+ if ( bloc >= maxoffset ) {
-+ *ch = 0;
-+ *offset = maxoffset + 1;
-+ return;
-+ }
- if ( get_bit( fin ) ) {
- node = node->right;
- } else {
-@@ -305,11 +308,15 @@ void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset ) {
- }
-
- /* Send the prefix code for this node */
--static void send( node_t *node, node_t *child, byte *fout ) {
-+static void send( node_t *node, node_t *child, byte *fout, int maxoffset ) {
- if ( node->parent ) {
-- send( node->parent, node, fout );
-+ send( node->parent, node, fout, maxoffset );
- }
- if ( child ) {
-+ if ( bloc >= maxoffset ) {
-+ bloc = maxoffset + 1;
-+ return;
-+ }
- if ( node->right == child ) {
- add_bit( 1, fout );
- } else {
-@@ -319,22 +326,22 @@ static void send( node_t *node, node_t *child, byte *fout ) {
- }
-
- /* Send a symbol */
--void Huff_transmit( huff_t *huff, int ch, byte *fout ) {
-+void Huff_transmit( huff_t *huff, int ch, byte *fout, int maxoffset ) {
- int i;
- if ( huff->loc[ch] == NULL ) {
- /* node_t hasn't been transmitted, send a NYT, then the symbol */
-- Huff_transmit( huff, NYT, fout );
-+ Huff_transmit( huff, NYT, fout, maxoffset );
- for ( i = 7; i >= 0; i-- ) {
- add_bit( (char)( ( ch >> i ) & 0x1 ), fout );
- }
- } else {
-- send( huff->loc[ch], NULL, fout );
-+ send( huff->loc[ch], NULL, fout, maxoffset );
- }
- }
-
--void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset ) {
-+void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset, int maxoffset ) {
- bloc = *offset;
-- send( huff->loc[ch], NULL, fout );
-+ send( huff->loc[ch], NULL, fout, maxoffset );
- *offset = bloc;
- }
-
-@@ -374,17 +381,17 @@ void Huff_Decompress( msg_t *mbuf, int offset ) {
- seq[j] = 0;
- break;
- }
-- Huff_Receive( huff.tree, &ch, buffer ); /* Get a character */
-- if ( ch == NYT ) { /* We got a NYT, get the symbol associated with it */
-+ Huff_Receive( huff.tree, &ch, buffer ); /* Get a character */
-+ if ( ch == NYT ) { /* We got a NYT, get the symbol associated with it */
- ch = 0;
- for ( i = 0; i < 8; i++ ) {
- ch = ( ch << 1 ) + get_bit( buffer );
- }
- }
-
-- seq[j] = ch; /* Write symbol */
-+ seq[j] = ch; /* Write symbol */
-
-- Huff_addRef( &huff, (byte)ch ); /* Increment node */
-+ Huff_addRef( &huff, (byte)ch ); /* Increment node */
- }
- mbuf->cursize = cch + offset;
- Com_Memcpy( mbuf->data + offset, seq, cch );
-@@ -420,11 +427,11 @@ void Huff_Compress( msg_t *mbuf, int offset ) {
-
- for ( i = 0; i < size; i++ ) {
- ch = buffer[i];
-- Huff_transmit( &huff, ch, seq ); /* Transmit symbol */
-- Huff_addRef( &huff, (byte)ch ); /* Do update */
-+ Huff_transmit( &huff, ch, seq, size << 3 ); /* Transmit symbol */
-+ Huff_addRef( &huff, (byte)ch ); /* Do update */
- }
-
-- bloc += 8; // next byte
-+ bloc += 8; // next byte
-
- mbuf->cursize = ( bloc >> 3 ) + offset;
- Com_Memcpy( mbuf->data + offset, seq, ( bloc >> 3 ) );
-diff --git a/SP/code/qcommon/msg.c b/SP/code/qcommon/msg.c
-index 350cfd0..f88e88c 100644
---- a/SP/code/qcommon/msg.c
-+++ b/SP/code/qcommon/msg.c
-@@ -87,14 +87,13 @@ void MSG_BeginReadingOOB( msg_t *msg ) {
- msg->oob = qtrue;
- }
-
--void MSG_Copy(msg_t *buf, byte *data, int length, msg_t *src)
--{
-- if (length<src->cursize) {
-- Com_Error( ERR_DROP, "MSG_Copy: can't copy into a smaller msg_t buffer");
-+void MSG_Copy( msg_t *buf, byte *data, int length, msg_t *src ) {
-+ if ( length < src->cursize ) {
-+ Com_Error( ERR_DROP, "MSG_Copy: can't copy into a smaller msg_t buffer" );
- }
-- Com_Memcpy(buf, src, sizeof(msg_t));
-+ Com_Memcpy( buf, src, sizeof( msg_t ) );
- buf->data = data;
-- Com_Memcpy(buf->data, src->data, src->cursize);
-+ Com_Memcpy( buf->data, src->data, src->cursize );
- }
-
- /*
-@@ -111,9 +110,8 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
-
- oldsize += bits;
-
-- // this isn't an exact overflow check, but close enough
-- if ( msg->maxsize - msg->cursize < 4 ) {
-- msg->overflowed = qtrue;
-+
-+ if ( msg->overflowed ) {
- return;
- }
-
-@@ -125,13 +123,18 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
- bits = -bits;
- }
- if ( msg->oob ) {
-+ if ( msg->cursize + ( bits >> 3 ) > msg->maxsize ) {
-+ msg->overflowed = qtrue;
-+ return;
-+ }
-+
- if ( bits == 8 ) {
- msg->data[msg->cursize] = value;
- msg->cursize += 1;
- msg->bit += 8;
- } else if ( bits == 16 ) {
- short temp = value;
--
-+
- CopyLittleShort(&msg->data[msg->cursize], &temp);
- msg->cursize += 2;
- msg->bit += 16;
-@@ -147,6 +150,10 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
- if ( bits & 7 ) {
- int nbits;
- nbits = bits & 7;
-+ if ( msg->bit + nbits > msg->maxsize << 3 ) {
-+ msg->overflowed = qtrue;
-+ return;
-+ }
- for ( i = 0; i < nbits; i++ ) {
- Huff_putBit( ( value & 1 ), msg->data, &msg->bit );
- value = ( value >> 1 );
-@@ -155,8 +162,13 @@ void MSG_WriteBits( msg_t *msg, int value, int bits ) {
- }
- if ( bits ) {
- for ( i = 0; i < bits; i += 8 ) {
-- Huff_offsetTransmit( &msgHuff.compressor, ( value & 0xff ), msg->data, &msg->bit );
-+ Huff_offsetTransmit( &msgHuff.compressor, ( value & 0xff ), msg->data, &msg->bit, msg->maxsize << 3 );
- value = ( value >> 8 );
-+
-+ if ( msg->bit > msg->maxsize << 3 ) {
-+ msg->overflowed = qtrue;
-+ return;
-+ }
- }
- }
- msg->cursize = ( msg->bit >> 3 ) + 1;
-@@ -170,6 +182,10 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- int i, nbits;
- // FILE* fp;
-
-+ if ( msg->readcount > msg->cursize ) {
-+ return 0;
-+ }
-+
- value = 0;
-
- if ( bits < 0 ) {
-@@ -180,6 +196,11 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- }
-
- if ( msg->oob ) {
-+ if ( msg->readcount + ( bits >> 3 ) > msg->cursize ) {
-+ msg->readcount = msg->cursize + 1;
-+ return 0;
-+ }
-+
- if ( bits == 8 ) {
- value = msg->data[msg->readcount];
- msg->readcount += 1;
-@@ -202,6 +223,10 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- nbits = 0;
- if ( bits & 7 ) {
- nbits = bits & 7;
-+ if ( msg->bit + nbits > msg->cursize << 3 ) {
-+ msg->readcount = msg->cursize + 1;
-+ return 0;
-+ }
- for ( i = 0; i < nbits; i++ ) {
- value |= ( Huff_getBit( msg->data, &msg->bit ) << i );
- }
-@@ -210,9 +235,14 @@ int MSG_ReadBits( msg_t *msg, int bits ) {
- if ( bits ) {
- // fp = fopen("c:\\netchan.bin", "a");
- for ( i = 0; i < bits; i += 8 ) {
-- Huff_offsetReceive( msgHuff.decompressor.tree, &get, msg->data, &msg->bit );
-+ Huff_offsetReceive( msgHuff.decompressor.tree, &get, msg->data, &msg->bit, msg->cursize << 3 );
- // fwrite(&get, 1, 1, fp);
- value |= ( get << ( i + nbits ) );
-+
-+ if ( msg->bit > msg->cursize << 3 ) {
-+ msg->readcount = msg->cursize + 1;
-+ return 0;
-+ }
- }
- // fclose(fp);
- }
-@@ -607,7 +637,7 @@ void MSG_WriteDeltaKey( msg_t *msg, int key, int oldV, int newV, int bits ) {
-
- int MSG_ReadDeltaKey( msg_t *msg, int key, int oldV, int bits ) {
- if ( MSG_ReadBits( msg, 1 ) ) {
-- return MSG_ReadBits( msg, bits ) ^ ( key & kbitmask[bits - 1] );
-+ return MSG_ReadBits( msg, bits ) ^ ( key & kbitmask[ bits - 1 ] );
- }
- return oldV;
- }
-@@ -643,9 +673,9 @@ usercmd_t communication
- */
-
- /*
--=====================
-+========================
- MSG_WriteDeltaUsercmdKey
--=====================
-+========================
- */
- void MSG_WriteDeltaUsercmdKey( msg_t *msg, int key, usercmd_t *from, usercmd_t *to ) {
- if ( to->serverTime - from->serverTime < 256 ) {
-@@ -690,9 +720,9 @@ void MSG_WriteDeltaUsercmdKey( msg_t *msg, int key, usercmd_t *from, usercmd_t *
-
-
- /*
--=====================
-+=======================
- MSG_ReadDeltaUsercmdKey
--=====================
-+=======================
- */
- void MSG_ReadDeltaUsercmdKey( msg_t *msg, int key, usercmd_t *from, usercmd_t *to ) {
- if ( MSG_ReadBits( msg, 1 ) ) {
-@@ -896,7 +926,6 @@ void MSG_ReportChangeVectors_f( void ) {
- #endif
- }
-
--
- typedef struct {
- char *name;
- int offset;
-diff --git a/SP/code/qcommon/qcommon.h b/SP/code/qcommon/qcommon.h
-index dbe6283..f516744 100644
---- a/SP/code/qcommon/qcommon.h
-+++ b/SP/code/qcommon/qcommon.h
-@@ -1243,9 +1243,9 @@ void Huff_Decompress( msg_t *buf, int offset );
- void Huff_Init( huffman_t *huff );
- void Huff_addRef( huff_t* huff, byte ch );
- int Huff_Receive( node_t *node, int *ch, byte *fin );
--void Huff_transmit( huff_t *huff, int ch, byte *fout );
--void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset );
--void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset );
-+void Huff_transmit( huff_t *huff, int ch, byte *fout, int maxoffset );
-+void Huff_offsetReceive( node_t *node, int *ch, byte *fin, int *offset, int maxoffset );
-+void Huff_offsetTransmit( huff_t *huff, int ch, byte *fout, int *offset, int maxoffset );
- void Huff_putBit( int bit, byte *fout, int *offset );
- int Huff_getBit( byte *fout, int *offset );
-
diff --git a/debian/patches/series b/debian/patches/series
index c5b6f15..68767f6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch
debian/Disable-client-side-auto-download-by-default.patch
debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch
debian/Remove-support-for-downloading-executable-updates.patch
diff --git a/debian/rules b/debian/rules
index 02587fe..3a47681 100755
--- a/debian/rules
+++ b/debian/rules
@@ -125,7 +125,7 @@ maintainer-update-icons: \
ORIG_SOURCE = iortcw
ORIG_REPO ?= https://github.com/iortcw/iortcw
-ORIG_REL = 1.51
+ORIG_REL = 1.51b
ORIG_REV = $(ORIG_REL)
ORIG_DATE =
ORIG_SUFFIX = +dfsg1
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/iortcw.git
More information about the Pkg-games-commits
mailing list