Valve: Unchecked weapon id in WeaponList message parser on client leads to RCE

Let's look at WeaponList message parser code in the HLSDK: cpp int CHudAmmo::MsgFuncWeaponListconst char pszName, int iSize, void pbuf BEGINREAD pbuf, iSize ; WEAPON Weapon; strcpy Weapon.szName, READSTRING ; Weapon.iAmmoType = intREADCHAR; Weapon.iMax1 = READBYTE; if Weapon.iMax1 == 255...