This update breaks backward compatibility with the older way to fix it:

```pawn
// AMX Mod X (Pawn) fragment as posted: a SayText message whose format string is a bare "%s"
message_begin(MSG_ALL, get_user_msgid("SayText"));
write_byte(0);            // client index (0 = server / no player)
write_string("%s");       // or "%s1"
write_string(message);    // the text substituted for %s
message_end();
```

Now (in 7561) it prints only " s" or " s1", but in 6153 (release) it worked fully correctly and accurately.
It is used in some plugins, so now they are broken. Some plugins also use the "%s1 : %s2" construction.
Ideally, the chat fix should only fix the crash (the "%s0" infinite loop and the "#Spec_Help_Text ..." chat buffer overflow), but not break backward compatibility.
TextMsg is affected too.
The bug with %s0 is located in CLocalizedStringTable::ConstructString. It checks that X in "%sX" is less than or equal to numFormatParameters, but doesn't check that X > 0.
When there is no "%sX" (but just "%s" or something else) in the message, the client uses snwprintf. But snwprintf doesn't support the argument count check like ConstructString does, so snwprintf can get garbage from the stack and crash the client. So a custom snwprintf implementation with argument count checking should be used (they can copy the code from CLocalizedStringTable::ConstructString and change the part of the code dealing with positional %s).
Original report from:
https://forums.alliedmods.net/showpost.php?p=2534523&postcount=70
https://forums.alliedmods.net/showpost.php?p=2534529&postcount=72
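The two checks the report asks for, written out as an added example. This is not Valve's CLocalizedStringTable::ConstructString and not code from the issue; it is a hypothetical bounds-checked substitution routine (`construct_string`) that handles both placeholder forms the report mentions: positional "%sN" is accepted only for 1 <= N <= nargs (so "%s0" is rejected rather than looping), bare "%s" is expanded printf-style only while an unused argument remains (the argument-count check the report says snwprintf lacks), and the output is length-checked so an over-long message is refused instead of overflowing the chat buffer. The sample arguments in `demo()` are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical replacement for the client-side substitution described in the
 * issue (not the engine's code).  Expands "%sN" (1-based, positional) and a
 * bare "%s" (sequential) from args[0..nargs-1] into out.
 * Returns the number of bytes written (excluding the NUL), or -1 if a
 * placeholder is out of range or the result would not fit in out.
 */
int construct_string(char *out, size_t outsz, const char *fmt,
                     const char **args, int nargs)
{
    size_t o = 0;        /* bytes written so far */
    int next = 0;        /* next argument consumed by a bare "%s" */
    const char *p = fmt;

    if (outsz == 0) return -1;

    while (*p) {
        if (p[0] == '%' && p[1] == 's') {
            const char *q = p + 2;
            int idx;
            if (*q >= '0' && *q <= '9') {
                /* positional "%sN": parse the digits after %s */
                int n = 0, digits = 0;
                while (*q >= '0' && *q <= '9') {
                    if (++digits > 3) return -1;   /* absurd index, refuse */
                    n = n * 10 + (*q - '0');
                    q++;
                }
                /* both bounds: N <= nargs AND N >= 1, so "%s0" is rejected */
                if (n < 1 || n > nargs) return -1;
                idx = n - 1;
            } else {
                /* bare "%s": sequential, refuse once arguments are exhausted
                   instead of reading whatever follows them */
                if (next >= nargs) return -1;
                idx = next++;
            }
            size_t len = strlen(args[idx]);
            if (len >= outsz - o) return -1;      /* no room for text + NUL */
            memcpy(out + o, args[idx], len);
            o += len;
            p = q;
        } else {
            if (outsz - o <= 1) return -1;        /* no room for char + NUL */
            out[o++] = *p++;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Runs the cases from the report on constructed arguments; returns 1 if
   every expectation holds. */
int demo(void)
{
    char buf[64];
    const char *a[] = { "Player", "hello" };   /* constructed sample arguments */
    int ok = 1;

    /* the old "%s" plugin idiom keeps working */
    ok &= construct_string(buf, sizeof buf, "%s", a, 1) == 6
          && strcmp(buf, "Player") == 0;
    /* the "%s1 : %s2" construction keeps working */
    ok &= construct_string(buf, sizeof buf, "%s1 : %s2", a, 2) == 14
          && strcmp(buf, "Player : hello") == 0;
    /* the crash cases are refused rather than looping or reading garbage */
    ok &= construct_string(buf, sizeof buf, "%s0", a, 2) == -1;
    ok &= construct_string(buf, sizeof buf, "%s3", a, 2) == -1;
    ok &= construct_string(buf, sizeof buf, "%s %s", a, 1) == -1;
    /* an over-long message is refused instead of overflowing buf */
    ok &= construct_string(buf, 4, "%s", a, 1) == -1;
    return ok;
}

int main(void)
{
    char buf[64];
    const char *a[] = { "Player", "hello" };
    int n = construct_string(buf, sizeof buf, "%s1 : %s2", a, 2);
    printf("%d bytes: %s\n", n, buf);
    printf("\"%%s0\" -> %d\n", construct_string(buf, sizeof buf, "%s0", a, 2));
    return demo() ? 0 : 1;
}
```

A caller that gets -1 should drop the message (or fall back to printing the raw format literally) rather than display a partially built buffer; the routine never writes past `outsz`, but it does not NUL-terminate on failure.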