remove prvm_boundscheck cvar (security hole) and force bounds check on unless DP...

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7940 d7cf8633-e32d-0410-b094-e92efae38249

diff --git a/prvm_edict.c b/prvm_edict.c
index f752f9e743f3d7116e1d022088719bca0569ccce..38062060f598d0f630a16dc8785b73e0bcef5d2b 100644 (file)
--- a/prvm_edict.c
+++ b/prvm_edict.c
@@ -32,7 +32,9 @@ ddef_t *PRVM_ED_FieldAtOfs(int ofs);
 qboolean PRVM_ED_ParseEpair(prvm_edict_t *ent, ddef_t *key, const char *s);
 
 // LordHavoc: optional runtime bounds checking (speed drain, but worth it for security, on by default - breaks most QCCX features (used by CRMod and others))
+#ifdef PRVM_BOUNDSCHECK_CVAR
 cvar_t prvm_boundscheck = {0, "prvm_boundscheck", "1", "enables detection of out of bounds memory access in the QuakeC code being run (in other words, prevents really exceedingly bad QuakeC code from doing nasty things to your computer)"};
+#endif
 // LordHavoc: prints every opcode as it executes - warning: this is significant spew
 cvar_t prvm_traceqc = {0, "prvm_traceqc", "0", "prints every QuakeC statement as it is executed (only for really thorough debugging!)"};
 // LordHavoc: counts usage of each QuakeC statement
@@ -2040,7 +2042,9 @@ void PRVM_Init (void)
        Cmd_AddCommand ("menu_cmd", PRVM_GameCommand_Menu_f, "calls the menu QC function GameCommand with the supplied string as argument");
        Cmd_AddCommand ("sv_cmd", PRVM_GameCommand_Server_f, "calls the server QC function GameCommand with the supplied string as argument");
        // LordHavoc: optional runtime bounds checking (speed drain, but worth it for security, on by default - breaks most QCCX features (used by CRMod and others))
+#ifdef PRVM_BOUNDSCHECK_CVAR
        Cvar_RegisterVariable (&prvm_boundscheck);
+#endif
        Cvar_RegisterVariable (&prvm_traceqc);
        Cvar_RegisterVariable (&prvm_statementprofiling);
        Cvar_RegisterVariable (&prvm_backtraceforwarnings);

diff --git a/prvm_exec.c b/prvm_exec.c
index 80287cab1ae37ea8054bf2f573df5409fcfc38de..a14c17d3ca2d063f584990e2c26462c99e2e226d 100644 (file)
--- a/prvm_exec.c
+++ b/prvm_exec.c
@@ -545,7 +545,9 @@ PRVM_ExecuteProgram
 #define OPA ((prvm_eval_t *)&prog->globals.generic[(unsigned short) st->a])
 #define OPB ((prvm_eval_t *)&prog->globals.generic[(unsigned short) st->b])
 #define OPC ((prvm_eval_t *)&prog->globals.generic[(unsigned short) st->c])
+#ifdef PRVM_BOUNDSCHECK_CVAR
 extern cvar_t prvm_boundscheck;
+#endif
 extern cvar_t prvm_traceqc;
 extern cvar_t prvm_statementprofiling;
 extern sizebuf_t vm_tempstringsbuf;
@@ -594,7 +596,9 @@ chooseexecprogram:
        if (prvm_statementprofiling.integer)
        {
 #define PRVMSTATEMENTPROFILING 1
+#ifdef PRVM_BOUNDSCHECK_CVAR
                if (prvm_boundscheck.integer)
+#endif
                {
 #define PRVMBOUNDSCHECK 1
                        if (prog->trace)
@@ -609,6 +613,7 @@ chooseexecprogram:
                        }
 #undef PRVMBOUNDSCHECK
                }
+#ifdef PRVM_BOUNDSCHECK_CVAR
                else
                {
                        if (prog->trace)
@@ -622,11 +627,14 @@ chooseexecprogram:
 #include "prvm_execprogram.h"
                        }
                }
+#endif
 #undef PRVMSTATEMENTPROFILING
        }
        else
        {
+#ifdef PRVM_BOUNDSCHECK_CVAR
                if (prvm_boundscheck.integer)
+#endif
                {
 #define PRVMBOUNDSCHECK 1
                        if (prog->trace)
@@ -641,6 +649,7 @@ chooseexecprogram:
                        }
 #undef PRVMBOUNDSCHECK
                }
+#ifdef PRVM_BOUNDSCHECK_CVAR
                else
                {
                        if (prog->trace)
@@ -654,6 +663,7 @@ chooseexecprogram:
 #include "prvm_execprogram.h"
                        }
                }
+#endif
        }
 
 cleanup: