Security vulnerabilities and automated fixes for game security issues
7 posts found
A high-severity vulnerability was discovered in `lvl_script_commands.c` where the use of the non-reentrant `strtok()` function during level script parsing created conditions for memory corruption and potential arbitrary code execution. The fix replaces all `strtok()` calls with the thread-safe `strtok_r()` variant, eliminating shared global state that could be exploited through maliciously crafted level files. This change is part of a broader effort to harden the game's script parsing pipeline a
A critical null pointer dereference vulnerability was discovered in `source/input.c`, where the `GetIRPointer()` function accessed WPAD controller data without first verifying the pointer was valid. An attacker or unexpected hardware state could trigger this flaw to crash the application or, in more sophisticated scenarios, redirect execution flow. The fix adds a single but essential NULL check before dereferencing the pointer, closing the door on this class of vulnerability entirely.
A series of unbounded `sprintf()` calls in `src/mainmenu.c` created a realistic buffer overflow attack chain, allowing an attacker to craft a malicious campaign file that triggers arbitrary code execution when loaded by a victim. The fix replaces each unsafe `sprintf()` with `snprintf()`, enforcing strict buffer size limits and eliminating the overflow conditions. Because campaign files are routinely shared in game communities, this vulnerability required no special access and posed a significan
A critical buffer overflow vulnerability was discovered and patched in `universe/command.c`, where four unbounded `sprintf` calls allowed attacker-controlled strings from simulation save files to overflow a fixed-size stack buffer. Left unpatched, this flaw could enable arbitrary code execution by anyone who could craft a malicious save file. The fix replaces dangerous `sprintf` calls with bounded alternatives, closing the door on a classic but still devastatingly effective class of memory corru
A critical buffer overflow vulnerability was discovered and patched in a bundled zlib123 library, where the use of unsafe `sprintf()` and `vsprintf()` functions allowed attackers to overwrite adjacent memory by supplying specially crafted compressed data. This type of vulnerability can lead to remote code execution, making it one of the most severe classes of security bugs in systems programming. The fix addresses the root cause by replacing or constraining the unsafe function calls that lacked buff
A critical buffer overflow vulnerability was discovered and patched in a shared C header file (`common.h`) used across an entire suite of games, where unbounded `strcpy` and `strcat` calls could allow attackers to overwrite stack memory and hijack program execution. The fix eliminates dangerous unbounded string operations, protecting every game binary that includes this shared header. Understanding this vulnerability is essential for any developer working with C/C++ string handling.
A critical stack buffer overflow vulnerability was discovered and patched in `game/g_spawn.c`, where five unchecked `sprintf()` calls wrote attacker-influenced data into fixed-size stack buffers, potentially enabling arbitrary code execution via crafted map files or network packets. The fix eliminates this unsafe pattern, closing a code path that could have allowed a malicious actor to overwrite the saved return address and hijack program control flow. Understanding this class of vulnerability i