From 72026f92cb54eff1c1aec4fe9aea18fbec130325 Mon Sep 17 00:00:00 2001 From: "alexey.lysiuk" Date: Fri, 30 Jun 2023 18:13:39 +0300 Subject: [PATCH] Fix #740: fix out-of-bound reads when handling type sizes Loading progs.dat that uses FTE extensions types causes undefined behavior when saving games or printing edicts to console --- Quake/pr_edict.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Quake/pr_edict.c b/Quake/pr_edict.c index e784151a..8228a933 100644 --- a/Quake/pr_edict.c +++ b/Quake/pr_edict.c @@ -843,6 +843,9 @@ void ED_Write (FILE *f, edict_t *ed) if (type & DEF_SAVEGLOBAL) continue; + if (type >= NUM_TYPE_SIZES) + continue; + name = PR_GetString (d->s_name); j = strlen (name); if (j > 1 && name[j - 2] == '_')