mirror of
https://bitbucket.org/CPMADevs/cnq3
synced 2025-02-01 21:30:57 +00:00
d6f77a9b35
also increased the buffer's size (e.g. to draw all chars in the console in 4K) one of the crashes happens in R_SortDrawSurfs: -> render command list is too full -> RE_EndFrame returns early because it can't allocate RC_SWAP_BUFFERS -> R_ClearFrame in RE_EndFrame doesn't get called -> the next frame starts with r_firstSceneDrawSurf etc. not being reset to 0 -> r_firstSceneDrawSurf becomes really close to the maximum draw surface limit -> the draw surface list is iterated incorrectly (no wrapping handled) -> we fetch a draw surface we shouldn't -> its sort key gets decoded and we get an invalid sorted shader index -> we fetch a NULL shader at that index location -> we attempt to read shader->sort -> we crash reading address 76 -> 76 bytes is exactly the offset of the sort member into the shader_t struct |
||
|---|---|---|
| .. | ||
| dxgi | ||
| hlsl | ||
| stb_image.cpp | ||
| stb_image.h | ||
| tr_backend.cpp | ||
| tr_backend_d3d11.cpp | ||
| tr_backend_gl2.cpp | ||
| tr_backend_gl3.cpp | ||
| tr_bsp.cpp | ||
| tr_cmds.cpp | ||
| tr_curve.cpp | ||
| tr_help.h | ||
| tr_image.cpp | ||
| tr_init.cpp | ||
| tr_light.cpp | ||
| tr_local.h | ||
| tr_main.cpp | ||
| tr_marks.cpp | ||
| tr_mesh.cpp | ||
| tr_model.cpp | ||
| tr_noise.cpp | ||
| tr_public.h | ||
| tr_scene.cpp | ||
| tr_shade.cpp | ||
| tr_shade_calc.cpp | ||
| tr_shader.cpp | ||
| tr_sky.cpp | ||
| tr_surface.cpp | ||
| tr_world.cpp | ||