gtkradiant/tools/quake3
Ricardo Barreira 5e308f9056
Fix undefined behavior in FreeStackWinding
Fix subtraction of unrelated pointers and integer overflow in FreeStackWinding (both are undefined behavior).

In rare cases "i" would non-deterministically be between 0 and 2 even though the
pointers were in unrelated addresses, which caused a spurious free of one of
the three windings - eventually the real free would happen, be detected as a
double free and an exit(1) would ensue.

Example contents of w and stack->windings that triggered this in a test: 0xa9251c0 0x7f440a924f78

Checking for pointer equality makes the behavior defined and correct: http://port70.net/~nsz/c/c99/n1256.html#6.5.9
2017-10-31 13:05:32 +00:00
..
common Fix warning variable bcHeight is used uninitialized 2017-08-18 02:18:31 +02:00
q3data fix warning 2017-08-20 15:04:49 -05:00
q3map2 Fix undefined behavior in FreeStackWinding 2017-10-31 13:05:32 +00:00
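
The commit message above replaces a pointer subtraction with an equality check. The following is an added example of that pattern, not code from the repository; the type, field and function names are hypothetical stand-ins and the scenario is constructed.

```c
#include <stdlib.h>

#define STACK_WINDINGS 3 /* "the three windings" in the commit message */

/* Hypothetical stand-ins: type and field names are assumptions, not q3map2's. */
typedef struct { int numpoints; } winding_t;
typedef struct {
    winding_t windings[STACK_WINDINGS];
    int in_use[STACK_WINDINGS];
} winding_stack_t;

/* Claim a free slot, or return NULL when all three are taken. */
winding_t *claim_stack_winding(winding_stack_t *stack)
{
    for (int i = 0; i < STACK_WINDINGS; i++)
        if (!stack->in_use[i]) { stack->in_use[i] = 1; return &stack->windings[i]; }
    return NULL;
}

/* Release w if it is one of the stack's slots. Returns the slot index,
 * -1 if w does not belong to this stack, -2 if the slot is already free. */
int release_stack_winding(winding_stack_t *stack, const winding_t *w)
{
    for (int i = 0; i < STACK_WINDINGS; i++) {
        /* == is defined for any two valid pointers (C99 6.5.9), while
         * w - stack->windings is defined only within one array (C99 6.5.6). */
        if (w == &stack->windings[i]) {
            if (!stack->in_use[i]) return -2;
            stack->in_use[i] = 0;
            return i;
        }
    }
    return -1;
}

/* Constructed scenario: every slot claimed, then a heap winding is released.
 * Returns 1 when the foreign pointer is rejected and no slot was touched. */
int foreign_pointer_is_ignored(void)
{
    winding_stack_t stack = {{{0}}, {0}};
    for (int i = 0; i < STACK_WINDINGS; i++) claim_stack_winding(&stack);
    winding_t *heap_w = malloc(sizeof *heap_w);
    if (!heap_w) return 0;
    int rc = release_stack_winding(&stack, heap_w);
    int untouched = stack.in_use[0] && stack.in_use[1] && stack.in_use[2];
    free(heap_w);
    return rc == -1 && untouched;
}
```

Returning distinct codes for "not ours" and "already free" keeps a foreign pointer from ever being reported as a double free, which is the failure the commit message describes.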