fix: incorrect maxlen retrieval in GetMessageData (caused buffer overflow)

s1lentq · s1lentq · commit 1d18ddbab8e0 · 2026-02-21T22:23:27.000+07:00
diff --git a/reapi/src/natives/natives_hookmessage.cpp b/reapi/src/natives/natives_hookmessage.cpp
@@ -260,7 +260,8 @@ cell AMX_NATIVE_CALL GetMessageData(AMX *amx, cell *params)
 				return FALSE;
 
 			const char *argString = g_activeMessageContext->getParamString(number);
-			setAmxString(dstAddr, argString ? argString : "", params[arg_maxlen]);
+			size_t maxlen = *getAmxAddr(amx, params[arg_maxlen]);
+			setAmxString(dstAddr, argString ? argString : "", maxlen);
 			return TRUE;
 		}
 		case IMessage::ParamType::Angle:
@@ -341,7 +342,8 @@ cell AMX_NATIVE_CALL GetMessageOrigData(AMX *amx, cell *params)
 				return FALSE;
 
 			const char *argString = g_activeMessageContext->getOriginalParamString(number);
-			setAmxString(dstAddr, argString ? argString : "", params[arg_maxlen]);
+			size_t maxlen = *getAmxAddr(amx, params[arg_maxlen]);
+			setAmxString(dstAddr, argString ? argString : "", maxlen);
 			return TRUE;
 		}
 		case IMessage::ParamType::Angle:
