Issues with running playdemo foo.dz when already extracting

[matthewearl]

If you run playdemo foo.dz; playdemo foo.dz, where foo.dz is any dzip file we get a crash:

(gdb) bt
#0  0x00007ffff7485294 in _IO_new_fclose (fp=0x0) at ./libio/iofclose.c:48
#1  0x00005555555643bc in CL_StopPlayback ()
    at /home/matt/joequake-kugelrund/trunk/cl_demo.c:107
#2  0x000055555556a8b3 in CL_Disconnect ()
    at /home/matt/joequake-kugelrund/trunk/cl_main.c:199
#3  0x0000555555565706 in CL_PlayDemo_f ()
    at /home/matt/joequake-kugelrund/trunk/cl_demo.c:696
#4  0x0000555555576b7b in Cmd_ExecuteString (text=0x7fffffffd6a0 "playdemo e1m6_ken.dz", 
    src=src_command) at /home/matt/joequake-kugelrund/trunk/cmd.c:859
#5  0x000055555557530d in Cbuf_Execute () at /home/matt/joequake-kugelrund/trunk/cmd.c:172
#6  0x00005555555c7dad in _Host_Frame (time=1.0000000010279564e-06)
    at /home/matt/joequake-kugelrund/trunk/host.c:746
#7  0x00005555555c8210 in Host_Frame (time=1.0000000010279564e-06)
    at /home/matt/joequake-kugelrund/trunk/host.c:895
#8  0x00005555556172d2 in main (argc=3, argv=0x7fffffffdcf8)
    at /home/matt/joequake-kugelrund/trunk/sys_linux.c:332

This is because when a dzip is extracting, cls.demoplayback is true, but cls.demofile is null. There is the obvious fix of guarding the fclose call:

diff --git a/trunk/cl_demo.c b/trunk/cl_demo.c
index 9b4f59c..fd60c96 100644
--- a/trunk/cl_demo.c
+++ b/trunk/cl_demo.c
@@ -104,7 +104,8 @@ void CL_StopPlayback (void)
        if (!cls.demoplayback)
                return;
 
-       fclose (cls.demofile);
+       if (cls.demofile)
+               fclose (cls.demofile);
        cls.demoplayback = false;
        cls.demofile = NULL;
        cls.state = ca_disconnected;

This stops the crash, but we get into a state where dzip is perpetually extracting, or at least claims to be:

]playdemo e1m6_ken.dz; playdemo e1m6_ken.dz
[Detaching after fork from child process 117777]
waitpid(117777)
/home/matt/quake-light/joequake/e1m6_ken.dz created using v3.0
extracting e1m6_ken.dem
extracting e1m6_ken.txt

[02]
unpacking demo. please wait...

Cannot unpack -- DZip is still running!
]playdemo e1m6_ken.dz
Cannot unpack -- DZip is still running!

This happens because we call CL_Disconnect from the second playdemo. This stops us calling CL_GetMessage, which is where the polling for dzip extraction is done.

I reckon there are two possible fixes:

• Stop playdemo commands from running, and any other commands that invoke CL_Disconnect while a dzip extract is in progress.
• Poll for dzip extraction in _Host_Frame rather than CL_GetMessage.

I realize this is something of a corner case but it could in theory be invoked by a malicious dem file with an embedded stuff command to run playdemo foo.dz; playdemo foo.dz.