This fixes a crash/exception that would occur when getting disconnected from your own listenserver due to the playlists reload task dispatch. Moving this to client only code, in the disconnect routine (post disconnect) fixes this problem.
Required for overriding memalloc callbacks in libraries to feature the game's implementation instead. Named using the 'R_' prefix, as the 'V_' versions were already used.
- Disable function inlining entirely, this allows for much easier hooking between engine and SDK code (the compiled code is now identical between engine and SDK, except that the SDK has all relevant security problems patched as per https://curl.se/docs/vuln-7.54.0.html).
- Enable buffer security checks to avoid potential remote attacks.
Previously, it was all controlled from the global init (applied to all projects), but some projects need different options. With these changes, you can disable the common options applied in the 'add_module' macro, and set your own if desired.
The shutdown patch from commit '48c2401c' created another bug where all inputs get collated, and once drawn, emitted to the ImGui interfaces. The patch has been undone, and the 'ImGui_ImplDX11_Shutdown()' call has been placed before 'ImGui_ImplWin32_Shutdown()', as this was how it was performed according to the official documentation and examples provided by Dear ImGui. The call 'ImGui::DestroyContext()' has also been added (taken from the examples). Removed redundant static global bool.
Fix a rare crash that occurs in AMD driver code, when ImGui shutdown was called. The crash did not occur if the library was shutdown after having rendered one of the ImGui panels for one frame. The fix is to just never call 'ImGui_ImplDX11_NewFrame()', 'ImGui_ImplWin32_NewFrame()' and 'ImGui::NewFrame()', 'ImGui::EndFrame()', 'ImGui::Render()' if none of the windows are visible. code has been tested on a system that would trigger the crash, and after the patch, the crash no longer happened.
Fix several exploitable bugs in the CUserCmd class. Some of these have been used to exploit/cheat in-game. Fixes contain:
- Camera position clamping (the only patch that hasn't been tested yet!)
- Weapon activity exploit, allowing player to infinitely throw ordnances, and perform other 'cheats'.
- Akimbo exploit + server crasher, allowing client to set multiple inventory weapons as active. The active weapon index bounds were also not checked, a properly crafter CUserCmd message would therefore be able to crash the server.
Note that this does not fix all issues related to the UserCmd class; further reversing and testing revealed there is more to be fixed, these fixes will get implemented with a future commit.
Merge: curl/curl@139a54ed0a
Note: protocol compare couldn't be added, as this would require adding a new member in the state structure, and therefore, break compatibility with the structures in the compiled executable (breaking the ability to hook any of its code). This fix should be sufficient however.
Merge: curl/curl@7214288898
Note: The 'CURLU' class does not exist in this particular version of curl, therefore, an alternative approach has been incorporated to mitigate the issue. Code has been tested, and the issue has been fixed.
Merge: curl/curl@69a358f218
Note: due to the many updates between the curl version this has been fixed in, and the one used in the SDK, the function was slightly different. The code has been tested however, after implementing the fix for this particular version of the library, the code appears to work perfectly with the vuln being fixed (tested on an FTP server with 10k files in the directory).
Merge: curl/curl@3c9e021f86
Note: Member order in 'connfind' has been left identical, except for that 'found' (now 'id_tofind') is a long. Code however, should pad it to a 4 byte boundary. Size of 'UrlState' has also remained unchanged, the 'connectdata' member has been renamed to 'lastconnect_id', and its type has been changed to 'long'. Additional padding has been incorporated to make sure the structure's size remains the same as that of the game, may we ever hook compiled code with ours.
