Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t. When
decoding it, that value is cast to int when checking whether the packet is
actually that size, causing numbers with MSB=1 to be interpreted as
negative and thus always pass the check. That same value, though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
This patch is a backport of the one initially written for the master
branch.
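
The signed/unsigned mismatch described in the message above, shown next to a bounded check, as an added example that is not the commit's or the project's own code. The wire format, function names and sample packets are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical wire format for this example: a 4-byte little-endian
// element count followed by that many payload bytes.
static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// Flawed pattern: the count is cast to int for the length check. A count
// with the MSB set becomes negative on two's-complement targets, so the
// check passes and the full unsigned value reaches the allocation.
// Returns true if the packet is accepted; *alloc_request receives the size
// that would be passed to resize() (no allocation is done here).
bool flawed_check_accepts(const uint8_t *buf, int len, uint32_t *alloc_request) {
    if (len < 4) return false;
    uint32_t count = read_u32_le(buf);
    len -= 4;
    if ((int)count > len) return false;
    *alloc_request = count;
    return true;
}

// Hardened form: keep the comparison unsigned and bound the count by the
// bytes actually remaining in the packet before allocating anything.
bool decode_bytes_checked(const uint8_t *buf, size_t len, std::vector<uint8_t> &out) {
    if (len < 4) return false;
    uint32_t count = read_u32_le(buf);
    size_t remaining = len - 4;
    if (count > remaining) return false;
    out.assign(buf + 4, buf + 4 + count);
    return true;
}

// Constructed sample packets: declared count 0x80000000 with 1 payload byte,
// and a well-formed packet with count 2.
static const uint8_t kMalformed[] = {0x00, 0x00, 0x00, 0x80, 0x41};
static const uint8_t kValid[] = {0x02, 0x00, 0x00, 0x00, 0x41, 0x42};

int main() {
    uint32_t req = 0;
    std::vector<uint8_t> out;
    bool a = flawed_check_accepts(kMalformed, (int)sizeof(kMalformed), &req);
    bool b = decode_bytes_checked(kMalformed, sizeof(kMalformed), out);
    std::printf("flawed accepts=%d (resize to %u), checked accepts=%d\n", a, req, b);
}
```
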
- Remove all references to the variable 'custom_mouse_cursor_hotspot' and 'custom_mouse_cursor' from the project settings.
- Indeed, to implement a custom cursor we need to define a sprite for each 'state' of the cursor. Using those variables in the project settings would define only the _main_ cursor.
- Cleanup the VirtualServer (Remove references to cursor_set_visible, cursor_set_texture and cursor_set_pos)
- Cleanup the Input (set_mouse_in_window should not be used anymore)
- Update the documentation
- Implement it for Windows, X11, JavaScript, BB 10, OSX, iOS, server, Android
- NOT IMPLEMENTED FOR WINRT (As of today, I'm not able to implement this one, this post might help)
- NOT IMPLEMENTED FOR HAIKU (Support of this platform seems perfunctory)
- Build it for Windows, Android and OSX
- Cherry picked #10662 and fixed merge conflicts.
- Manually merged the change from #11904.
- Did not merge #12236 since I'm not sure whether the issue
affects Godot 2.1 and I don't have VS2013 to test.
- Did not merge #11843 since it doesn't seem relevant (the
code is only needed for creating DONORS.md, etc.).
- Did not merge #10727 and #11752 since they seem to be
already included in #11742.
- The Windows and Linux builds have been tested with SCons 3.0
using Python 3.
- OSX and iOS should hopefully work but are not tested since
I don't have a Mac.
- Builds using SCons 2.5 and Python 2 should not be impacted.
This backports the work in #7815 and the subsequent fixes in #8393.
The following program now works as expected in this branch in both
release_debug and debug mode:
```gdscript
print(sqrt(-1))
print(sqrt(-1))
var simple1=asin(10.0)
var simple2=acos(10.0)
print(simple1)
print(simple2)
```
And successfully prints -nan 4 times.
This fixes #9580 and fixes #8925