Age | Commit message (Collapse) | Author |
|
likely many others
|
|
Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
(cherry picked from commit 5262d1bbcc81a06db66ac45c3f75535f231268bc)
|
|
Fix various missing arguments in bindings.
|
|
This commit makes operator[] on Vector const and adds a write proxy to it. From
now on writes to Vectors need to happen through the .write proxy. So for
instance:
Vector<int> vec;
vec.push_back(10);
std::cout << vec[0] << std::endl;
vec.write[0] = 20;
Failing to use the .write proxy will cause a compilation error.
In addition COWable datatypes can now embed a CowData pointer to their data.
This means that String, CharString, and VMap no longer use or derive from
Vector.
_ALWAYS_INLINE_ and _FORCE_INLINE_ are now equivalent for debug and non-debug
builds. This is a lot faster for Vector in the editor and while running tests.
The reason why this difference used to exist is because force-inlined methods
used to give a bad debugging experience. After extensive testing with modern
compilers this is no longer the case.
|
|
Fixes #20375.
|
|
|
|
|
|
Added as extra parameter, allow you to specify which transfer mode to
use for those specific bytes
|
|
Before this change, missing User-Agent and Accept headers were automatically
added on all platforms. Setting the User-Agent header forces the browser to
do a CORS preflight (see 1) which fails if the HTTP endpoint is not
configured appropriate. It's not neccesary to set either header as the
browser sets them and so this commit disables that functionality on the JS
target.
1: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
|
|
|
|
|
|
|
|
|
|
|
|
RPCMode refactor, more sync modes
|
|
|
|
Allow body-up-to-EOF HTTP responses
|
|
|
|
|
|
Implements the same heuristic as Curl (and web browsers): if no `Content-Length`, no `Connection: keep-alive` and no chunked transfer encoding, assume th rest of the data until EOF is the body, gracefully setting the HTTP client back to the disconnected state.
Theoretically, this is not compliant with HTTP 1.1, by which `keep-alive` is the default, but in practice, an explicit header is sent by servers.
|
|
|
|
|
|
Rename multiplayer_api to multiplayer, add docs
|
|
Checks on input_buffer in PacketPeerStream
|
|
|
|
Detects crash-related marshalling errors due to NAN values
|
|
fix API string path
|
|
|
|
|
|
This reverts commit b76ee30917c63211ac9e94a21bebbddf518d169f.
|
|
[RFC] MultiplayerAPI refactor
|
|
Enhance uri utils
|
|
Fixes moving files causes scene corruption
|
|
|
|
|
|
There was a percent-prefixed version, which was exposed, and a http-prefixed version which was not (only to GDNative).
This commit keeps the percent-prefixed versions, but with the http-prefixed implementations.
|
|
This commit fixes issue #17585: renaming/moving resources can corrupt
scene files. The corruption was caused by
'ResourceFormatLoaderBinary::rename_dependencies' updating the file
format version field of the affected scene file to the latest version
without actually updating the content of the file to that version,
resulting in a file whose content does not match its file format version
field. The fix preserves the file format version field and the engine
version fields when renaming dependencies.
|
|
When adding a directory path to the inventory of the pack, an empty file name was being added to the file list. That made `Directory.get_ntext()` signal end-of-list too early so that files in a subdirectory were missed.
Fixes #15801.
Helps with #16798.
|
|
Fix HTTPClient SNI support when verify is off
|
|
|
|
The name of the remote host is passed to mbed TLS in all cases so the client hello message is correctly formed.
|
|
Handles all the high level networking stuff
|
|
Found via `codespell -q 3 --skip="./thirdparty,./editor/translations" -I ../godot-word-whitelist.txt`
Whitelist consists of:
```
ang
doubleclick
lod
nd
que
te
unselect
```
|
|
|
|
Change function signature from float to double to match type get_doub…
|
|
|
|
Pass enabled arg
Rename set_nodelay to set_no_delay
Add description to the method
Change description
|
|
get_doubleCloses #16160
|
|
|
|
Using v1.11.0 from https://github.com/lucasdemarchi/codespell
|