From ec0907f7caecec25c18808d9504e87604a212567 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20K=C3=B6ppe?= <tkoeppe@google.com>
Date: Sun, 21 Jan 2018 01:54:24 +0000
Subject: [PATCH] Use standard "offsetof" facility rather than manual code
 involving null pointer dereferences.

---
 tools/quake3/common/polylib.c | 4 +++-
 tools/quake3/q3map2/brush.c   | 4 ++--
 tools/quake3/q3map2/q3map2.h  | 1 +
 tools/quake3/q3map2/vis.c     | 2 +-
 tools/quake3/q3map2/visflow.c | 2 +-
 5 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/tools/quake3/common/polylib.c b/tools/quake3/common/polylib.c
index ed4f8741..216ba072 100644
--- a/tools/quake3/common/polylib.c
+++ b/tools/quake3/common/polylib.c
@@ -20,6 +20,8 @@
  */
 
 
+#include <stddef.h>
+
 #include "cmdlib.h"
 #include "mathlib.h"
 #include "inout.h"
@@ -467,7 +469,7 @@ winding_t   *CopyWinding( winding_t *w ){
 	}
 
 	c = AllocWinding( w->numpoints );
-	size = (int)( (size_t)( (winding_t *)0 )->p[w->numpoints] );
+	size = offsetof( winding_t, p ) + sizeof( *w->p ) * w->numpoints;
 	memcpy( c, w, size );
 	return c;
 }
diff --git a/tools/quake3/q3map2/brush.c b/tools/quake3/q3map2/brush.c
index 5ce42eee..2bd4c0cf 100644
--- a/tools/quake3/q3map2/brush.c
+++ b/tools/quake3/q3map2/brush.c
@@ -128,7 +128,7 @@ void FreeBrush( brush_t *b ){
 		}
 
 	/* ydnar: overwrite it */
-	memset( b, 0xFE, (size_t)&( ( (brush_t*) 0 )->sides[ b->numsides ] ) );
+	memset( b, 0xFE, offsetof( brush_t, sides ) + sizeof( *b->sides ) * b->numsides );
 	*( (unsigned int*) b ) = 0xFEFEFEFE;
 
 	/* free it */
@@ -171,7 +171,7 @@ brush_t *CopyBrush( brush_t *brush ){
 
 
 	/* copy brush */
-	size = (size_t)&( ( (brush_t*) 0 )->sides[ brush->numsides ] );
+	size = offsetof( brush_t, sides ) + sizeof( *brush->sides ) * brush->numsides;
 	newBrush = AllocBrush( brush->numsides );
 	memcpy( newBrush, brush, size );
 
diff --git a/tools/quake3/q3map2/q3map2.h b/tools/quake3/q3map2/q3map2.h
index 680d715f..3a6e8e83 100644
--- a/tools/quake3/q3map2/q3map2.h
+++ b/tools/quake3/q3map2/q3map2.h
@@ -91,6 +91,7 @@ extern int unz_GAME_QL;
 #include "vfs.h"
 #include "png.h"
 
+#include <stddef.h>
 #include <stdlib.h>
 
 #define MIN(a, b) ((a) < (b) ? (a) : (b))
diff --git a/tools/quake3/q3map2/vis.c b/tools/quake3/q3map2/vis.c
index 43c9ffaa..64107c71 100644
--- a/tools/quake3/q3map2/vis.c
+++ b/tools/quake3/q3map2/vis.c
@@ -65,7 +65,7 @@ fixedWinding_t *NewFixedWinding( int points ){
 		Error( "NewWinding: %i points", points );
 	}
 
-	size = (int)( (size_t)( (fixedWinding_t *)0 )->points[points] );
+	size = offsetof( fixedWinding_t, points ) + sizeof( *w->points ) * points;
 	w = safe_malloc( size );
 	memset( w, 0, size );
 
diff --git a/tools/quake3/q3map2/visflow.c b/tools/quake3/q3map2/visflow.c
index 2c90f6c1..2664682c 100644
--- a/tools/quake3/q3map2/visflow.c
+++ b/tools/quake3/q3map2/visflow.c
@@ -1423,7 +1423,7 @@ void CreatePassages( int portalnum ){
 			/* ydnar: prefer correctness to stack overflow  */
 			//% memcpy( &in, p->winding, (int)((fixedWinding_t *)0)->points[p->winding->numpoints] );
 			if ( p->winding->numpoints <= MAX_POINTS_ON_FIXED_WINDING ) {
-				memcpy( &in, p->winding, (size_t) &( ( (fixedWinding_t*) 0 )->points[ p->winding->numpoints ] ) );
+				memcpy( &in, p->winding, offsetof( fixedWinding_t, points ) + sizeof( *p->winding->points ) * p->winding->numpoints );
 			}
 			else{
 				memcpy( &in, p->winding, sizeof( fixedWinding_t ) );