Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
Same as erase, but it returns a boolean value indicating whether the pair was erased or not.
This method should be removed during the next compatibility breakage, and 'Dictionary::erase(key)' should be changed to return a boolean.
(cherry picked from commit 2f69e36cef)
Fix bug where Basis.Transposed() incorrectly updated local basis, and
returned an unmodified copy. This also fixes Transform.Inverse().
(cherry picked from commit 7a4d593198)
I've removed the section about being unable to export games using C# - as you are now able to do this, as long as the export templates are installed. Also, I've made a few minor grammar tweaks.
(cherry picked from commit 69530ef614)
On macOS, it is common to install packages like Mono through the third-party
package-manager Homebrew. This commit simply adds an additional path to
where Homebrew installs the Mono framework.
(cherry picked from commit 39aabba0a9)
Adds code in RasterizerStorageDummy to store off mesh surface information,
rather than just throwing it away. Without this, all surface arrays were
just defaulting to empty when the packed scene was written.
(cherry picked from commit 5b639269a2)
_ALWAYS_INLINE_ and _FORCE_INLINE_ are now equivalent for debug and
non-debug builds. This is a lot faster for Vector in the editor and
while running tests. The reason why this difference used to exist is
because force-inlined methods used to give a bad debugging experience.
After extensive testing with modern compilers this is no longer the
case.
New contributor added to AUTHORS:
@JFonS
Also updated alphabetically sorting with `sort -d`.
Thanks to all contributors and donors for making Godot possible!
[ci skip]
(cherry picked from commit b631306de1)
Instead of editing the placeholder permissions actually write new ones.
This should solve the privacy statement problems for the Play store.
This means we also no longer need to placeholder permissions in the
template.
(cherry picked from commit 2a126242dd)
Hein-Pieter van Braam
Fabio Alessandrelli
Ignacio Etcheverry
Rémi Verschelde
Aaron Franke
Pieter-Jan Briers
oisincar
Mads Ynddal
Kelly Thomas
Nathan Warden
Josh Faust
chanon
Chaosus
Konstantin Zaitsev
Michael Lee
Marcelo Fernandez
Pedro J. Estébanez
bruvzg
Rodolfo Ribeiro Gomes
volzhs