
View Revisions: Issue #1212
Summary 0001212: Hold tight to your seats: Blood map reading messes up numsectors
Revision 2012-12-13 21:15 by Dusk
Description: This is quite a strange chain of events. Basically it seems that ZDoom can read Blood maps up to an extent, and what's up still remains functional. If someone tries to change to a map the engine deems worthy of checking whether it's a Blood map, it does a series of checks on it (P_IsBuildMap) before loading it as such.

However, this series of checks involves changing numsectors with it assuming it's a Blood map... the line of code in question is p_buildmap.cpp:162. The line is also duplicated later on.

Here's the part which makes this a bit more scary: it seems that some lumps, ZDoom Wars' text file in particular, get P_IsBuildMap'd. numsectors gets messed up and a crash is triggered by unlagged, which relies on numsectors in its sector building mode. This made the ZDoom Wars server on Grandvoid vulnerable. Two users found this and went as far as to exploit it against another player, earning bans in the process...
Revision 2012-12-13 21:13 by Dusk
Description: This is quite a strange chain of events. Basically it seems that ZDoom can read Blood maps up to an extent, and what's up still remains functional. If someone tries to change to a map the engine deems worthy of checking whether it's a Blood map, it does a series of checks on it (P_IsBuildMap) before loading it as such.

However, this series of checks involves changing numsectors with it assuming it's a Blood map... the line of code in question is p_buildmap.cpp:162. The line is also duplicated later on.

Here's the part which makes this a bit more scary: it seems that some lumps, ZDoom Wars' text file in particular, get P_IsBuildMap'd. numsectors gets messed up and a crash is triggered by unlagged, which relies on numsectors in its sector building mode. This made the ZDoom Wars server on Grandvoid vulnerable. A user found this and went as far as to exploit it against another player, earning a ban in the process...
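
The bug class this report describes, a format probe that writes shared state before it has decided whether the input matches, shown as an added C++ example; it is not ZDoom or Zandronum code and not part of the report. The global, the function names and the simplified header layout (16-bit count at offset 20, 40 bytes per sector) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical stand-in for the engine-wide sector count of the loaded level.
static int g_numsectors = 0;

// Assumed, simplified header for illustration: a 16-bit little-endian sector
// count at offset 20, followed by kSectorSize bytes per sector.
constexpr std::size_t kCountOffset = 20;
constexpr std::size_t kSectorSize = 40;

static bool read_count(const std::uint8_t* data, std::size_t len, int& out) {
    if (len < kCountOffset + 2) return false;
    out = data[kCountOffset] | (data[kCountOffset + 1] << 8);
    return true;
}

// Pattern described in the report: the probe stores the parsed count in the
// global before it has decided whether the lump is a map at all.
bool probe_unsafe(const std::uint8_t* data, std::size_t len) {
    if (!read_count(data, len, g_numsectors)) return false;
    return len >= kCountOffset + 2 + std::size_t(g_numsectors) * kSectorSize;
}

// Side-effect-free probe: parse into a local, validate, report via out-param.
bool probe_safe(const std::uint8_t* data, std::size_t len, int& count) {
    int n = 0;
    if (!read_count(data, len, n) || n == 0) return false;
    if (len < kCountOffset + 2 + std::size_t(n) * kSectorSize) return false;
    count = n;
    return true;
}

// Returns the global count after probing a constructed text lump, with the
// loaded level holding 8 sectors beforehand.
int count_after_probe(bool use_safe) {
    const std::string text = "Constructed sample text lump, not a map at all.";
    const auto* p = reinterpret_cast<const std::uint8_t*>(text.data());
    g_numsectors = 8;
    int parsed = 0;
    bool is_map = use_safe ? probe_safe(p, text.size(), parsed)
                           : probe_unsafe(p, text.size());
    if (is_map && use_safe) g_numsectors = parsed;  // commit only on success
    return g_numsectors;
}
```

Both probes reject the text lump, but only the unsafe one leaves the global count changed, which is the state any later code that loops up to that count would then trust.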





