Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
This patch is a backport of the one initially written for the master
branch.
That year should bring the long-awaited OpenGL ES 3.0 compatible renderer
with state-of-the-art rendering techniques tuned to work as low as middle
end handheld devices - without compromising with the possibilities given
for higher end desktop games of course. Great times ahead for the Godot
community and the gamers that will play our games!
(cherry picked from commit c7bc44d5ad)
Fixes a bug that caused InputMap actions which have been set to joystick axes
not to work correctly on exported builds as the axis_value property wouldn't be serialized into engine.cfb.
See recent discussion in #49 (Post 121+)
-fix some menus
-fixed bug in out transition curves
-detect and remove file:/// in collada
-remove multiscript for now
-remove dependencies on mouse in OS, moved to Input
-avoid fscache from screwing up (fix might make it slower, but it works)
-funcref was missing, it's there now
Rémi Verschelde
Fabio Alessandrelli
Hinsbart
Hubert Jarosz
George Marques
Juan Linietsky
firefly2442
sanikoyes