Fix security flaws in use of format strings

In all cases, the string is already formatted by the time DrawColoredText is called, so we must make sure that an invalid format specifier cannot be placed inside the string, as this can cause arbitrary memory reads and potentially crashes.
rexx 2023-04-08 18:42:20 +01:00
parent f09bdc472b
commit cebca2ca04


@ -106,7 +106,7 @@ void CTextOverlay::DrawNotify(void)
c[3] = 255;
}
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(),
m_nFontHeight, x, y, c.r(), c.g(), c.b(), c.a(), m_vNotifyText[i].m_svMessage.c_str());
m_nFontHeight, x, y, c.r(), c.g(), c.b(), c.a(), "%s", m_vNotifyText[i].m_svMessage.c_str());
if (IsX360())
{
@ -140,7 +140,7 @@ void CTextOverlay::DrawFormat(const int x, const int y, const Color c, const cha
va_end(args);
}/////////////////////////////
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(), m_nFontHeight, x, y, c.r(), c.g(), c.b(), c.a(), szLogbuf);
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(), m_nFontHeight, x, y, c.r(), c.g(), c.b(), c.a(), "%s", szLogbuf);
}
//-----------------------------------------------------------------------------
@ -188,7 +188,7 @@ void CTextOverlay::Con_NPrintf(void)
const int nWidth = cl_notify_invert_x->GetBool() ? g_nWindowRect[0] - cl_notify_offset_x->GetInt() : cl_notify_offset_x->GetInt() + m_nCon_NPrintf_Idx * m_nFontHeight;
const int nHeight = cl_notify_invert_y->GetBool() ? g_nWindowRect[1] - cl_notify_offset_y->GetInt() : cl_notify_offset_y->GetInt();
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(), m_nFontHeight, nWidth, nHeight, c.r(), c.g(), c.b(), c.a(), m_szCon_NPrintf_Buf);
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(), m_nFontHeight, nWidth, nHeight, c.r(), c.g(), c.b(), c.a(), "%s", m_szCon_NPrintf_Buf);
m_nCon_NPrintf_Idx = 0;
m_szCon_NPrintf_Buf[0] = '\0';
@ -248,7 +248,7 @@ void CTextOverlay::DrawStreamOverlay(void) const
static const Color c = { 255, 255, 255, 255 };
GetStreamOverlay(stream_overlay_mode->GetString(), szLogbuf, sizeof(szLogbuf));
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(), m_nFontHeight, 20, 300, c.r(), c.g(), c.b(), c.a(), szLogbuf);
CMatSystemSurface_DrawColoredText(g_pMatSystemSurface, v_Rui_GetFontFace(), m_nFontHeight, 20, 300, c.r(), c.g(), c.b(), c.a(), "%s", szLogbuf);
}
//-----------------------------------------------------------------------------
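Review bot: Nothing at the four patched calls (in DrawNotify, DrawFormat, Con_NPrintf and DrawStreamOverlay) records why the literal `"%s"` is there, so a later cleanup could drop it and bring back the uncontrolled format string. A one-line comment at each call would pin the invariant, for example `// Text is already formatted: pass it as an argument, never as the format string.` Because all four calls repeat the same font, height and colour unpacking, one private helper that takes the finished text and always supplies `"%s"` itself would keep the rule in a single place instead of at every call site. DrawStreamOverlay is the case to check first, since its buffer appears to be filled by GetStreamOverlay from the `stream_overlay_mode` string on the line above the call. The function bodies start and end outside the hunks shown, so how each buffer is built is not visible here.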