Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
(cherry picked from commit 5262d1bbcc)
Using `misc/scripts/fix_headers.py` on all Godot files.
Some missing header guards were added, and the header inclusion order
was fixed in the Bullet module.
Currently we rely on some undefined behavior when Object->cast_to() gets
called with a Null pointer. This used to work fine with GCC < 6 but
newer versions of GCC remove all codepaths in which the this pointer is
Null. However, the non-static cast_to() was supposed to be null safe.
This patch makes cast_to() Null safe and removes the now redundant Null
checks where they existed.
It is explained in this article: https://www.viva64.com/en/b/0226/
I can show you the code
Pretty, with proper whitespace
Tell me, coder, now when did
You last write readable code?
I can open your eyes
Make you see your bad indent
Force you to respect the style
The core devs agreed upon
A whole new world
A new fantastic code format
A de facto standard
With some sugar
Enforced with clang-format
A whole new world
A dazzling style we all dreamed of
And when we read it through
It's crystal clear
That now we're in a whole new world of code
- Add FIXME tags comments to some unfixed potential bugs
- Remove some checks (always false: unsigned never < 0)
- Fix some if statements based on reviews.
- Bunch of missing `else` statements
That year should bring the long-awaited OpenGL ES 3.0 compatible renderer
with state-of-the-art rendering techniques tuned to work as low as middle
end handheld devices - without compromising with the possibilities given
for higher end desktop games of course. Great times ahead for the Godot
community and the gamers that will play our games!
-Most 2D drawing is implemented
-Missing shaders
-Missing all 3D
-Editor needs to be set on update always to be used, otherwise it does not refresh
-Large parts of editor not working
Fixes a bug that caused InputMap actions which have been set to joystick axes
not to work correctly on exported builds as the axis_value property wouldn't be serialized into engine.cfb.
See recent discussion in #49 (Post 121+)
-fix some menus
-fixed bug in out transition curves
-detect and remove file:/// in collada
-remove multiscript for now
-remove dependencies on mouse in OS, moved to Input
-avoid fscache from screwing up (fix might make it slower, but it works)
-funcref was missing, it's there now
Fabio Alessandrelli
Juan Linietsky
Andrew Dunai
Bernhard Liebl
Rémi Verschelde
Bojidar Marinov
Ferenc Arn
Leon Krause
Hein-Pieter van Braam
alexholly
Thaer Razeq
Hinsbart
Hubert Jarosz
George Marques
firefly2442
sanikoyes