Overlapping memory regions in strncpy when issuing rcon commands in localhost #107

@Aciz

Description

Strncpy-param-overlap: memory ranges [0x562251302f80,0x562251302f8b) and [0x562251302f89, 0x562251302f94) overlap
  at 0x7f6fd331aece strncpy
  at 0x56224e59b9fa Q_strncpyz (q_shared.c:1527)
  at 0x56224e540978 Cmd_TokenizeString2 (cmd.c:692)
  at 0x56224e541a56 Cmd_TokenizeString (cmd.c:790)
  at 0x56224e541ee0 Cmd_ExecuteString (cmd.c:1008)
  at 0x56224e5c88ee SVC_RemoteCommand (sv_main.c:1157)
  at 0x56224e5c9d77 SV_ConnectionlessPacket (sv_main.c:1201)
  at 0x56224e5cabe0 SV_PacketEvent (sv_main.c:1246)
  at 0x56224e549694 Com_RunAndTimeServerPacket (common.c:2871)
  at 0x56224e54d6dc Com_EventLoop (common.c:2912)
  at 0x56224e54e312 Com_Frame (common.c:4650)
  at 0x56224e5d87ea main (unix_main.c:1373)
  at 0x7f6fd2a366c0
  at 0x7f6fd2a367f8 __libc_start_main
  at 0x56224e4be0e4 _start

To reproduce:

  • Set rconPassword, note the length.
  • Issue an rcon command where the command argument is longer than the rcon password.

For example:

  • rconPassword foo
  • rcon say foobar - crash, foobar is longer than foo
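
The sanitizer report above flags two 11-byte ranges that start 9 bytes apart, and `strncpy` is undefined for overlapping arguments. The following C code is an added example, not code from the project: `ranges_overlap` and `safe_strncpyz` are hypothetical names and the buffer contents are constructed. It shows the overlap condition and a bounded copy built on `memmove`, which is defined for overlapping ranges.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if the n-byte ranges starting at a and b share at least one byte. */
int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (n == 0)
        return 0;
    return (pa < pb ? pb - pa : pa - pb) < n;
}

/* Hypothetical bounded copy that tolerates overlapping arguments:
 * copies at most destsize-1 bytes with memmove and always NUL-terminates.
 * Returns the number of bytes copied (excluding the terminator). */
size_t safe_strncpyz(char *dest, const char *src, size_t destsize)
{
    size_t len = 0;
    if (!dest || !src || destsize == 0)
        return 0;
    while (len < destsize - 1 && src[len] != '\0')
        len++;
    memmove(dest, src, len);   /* memmove is defined for overlapping ranges */
    dest[len] = '\0';
    return len;
}

int main(void)
{
    /* Constructed buffer: the source string begins 9 bytes into the
     * destination, matching the 9-byte offset between the two ranges
     * in the report. */
    char buf[32] = "012345678say foobar";
    char *src = buf + 9;

    printf("overlap for n=11: %d\n", ranges_overlap(buf, src, 11));
    size_t n = safe_strncpyz(buf, src, sizeof buf);
    printf("copied %zu bytes: \"%s\"\n", n, buf);
    return 0;
}
```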
