The specific content length of the 'ents' script file (multiples of 32) may force the game to shut down #165

@C-ColinTH

Description

It's a Memory Pool Out-of-Bounds Read issue. When the length of the allocated string is exactly a multiple of 32, this problem can occur.

This issue occurred during the loading process of the SFM map on Elite Guard that was updated a few days ago.
Its "sfm.ents" file length is 7456, exactly a multiple of 32 (see void *G_Alloc( int size ) in "g_mem.c"); then in G_ParseExtraSpawnVars it unexpectedly exceeded the bounds and read another string, "holdable_bandages", from the memory pool. It triggered G_Error ("G_ParseExtraSpawnVars: EOF without closing brace");

Original content in ENTS:

...
{
"classname" "ai_partisan"
"origin" "829 -2897 -103"
"ainame" "ai_npc_partisan1"
"aiteam" "1"
"spawnflags" "1"
"skin" "partisan/civilian"
"head" "civilian"
"angle" "90"
}

Current content in variable level.extraEntsScript:

...
{
"classname" "ai_partisan"
"origin" "829 -2897 -103"
"ainame" "ai_npc_partisan1"
"aiteam" "1"
"spawnflags" "1"
"skin" "partisan/civilian"
"head" "civilian"
"angle" "90"
}

holdable_bandages
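The mechanism behind the report, as an added example that is not the project's g_mem.c or the issue author's code: a constructed pool allocator that rounds every request up to a multiple of 32 bytes, as the issue describes for G_Alloc, plus a script copy that relies on the zeroed rounding padding to terminate the string. When the length is an exact multiple of 32 there is no padding, so strlen() runs straight into the next allocation ("holdable_bandages" in the report); reserving len + 1 bytes removes the dependency. The names pool_alloc, copy_script_buggy, copy_script_fixed and observed_length are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constructed pool allocator modelled on the 32-byte rounding the issue
 * describes for G_Alloc; added example, not the project's g_mem.c. */
#define POOLSIZE 1024
static char pool[POOLSIZE];        /* static storage, so zero-filled */
static size_t allocPoint;

static void pool_reset(void) { memset(pool, 0, sizeof pool); allocPoint = 0; }

static void *pool_alloc(size_t size) {
    size = (size + 31) & ~(size_t)31;  /* round up to a multiple of 32 */
    if (allocPoint + size > POOLSIZE) return NULL;
    void *p = pool + allocPoint;
    allocPoint += size;
    return p;
}

/* Buggy copy: allocates exactly len bytes and relies on the zeroed
 * rounding padding to terminate the string. */
static char *copy_script_buggy(const char *src, size_t len) {
    char *dst = pool_alloc(len);
    memcpy(dst, src, len);
    return dst;
}

/* Fixed copy: reserves the terminator byte explicitly. */
static char *copy_script_fixed(const char *src, size_t len) {
    char *dst = pool_alloc(len + 1);
    memcpy(dst, src, len);
    dst[len] = '\0';
    return dst;
}

/* Length strlen() reports for a script of len bytes when another string
 * is allocated right behind it. buggy != 0 selects the buggy copy. */
static size_t observed_length(int buggy, size_t len) {
    char script[256];
    if (len > sizeof script) return 0;
    memset(script, 'x', len);           /* constructed script body */
    pool_reset();
    char *s = buggy ? copy_script_buggy(script, len)
                    : copy_script_fixed(script, len);
    char *next = pool_alloc(32);
    strcpy(next, "holdable_bandages");  /* the neighbouring allocation */
    return strlen(s);
}
```

With the buggy copy a 63-byte script reads back as 63 characters because byte 63 is zeroed padding, but a 64-byte script reads back as 81 characters: the 64 bytes plus the 17 of "holdable_bandages" that follow it in the pool.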
