Attempt to fix use after free bug

with precipitation mobjs on netgame load
Ashnal 2022-09-10 13:29:18 -04:00
parent b2eff44dc4
commit 59fb3ed900
2 changed files with 28 additions and 8 deletions


@ -10296,6 +10296,19 @@ void P_RemovePrecipMobj(precipmobj_t *mobj)
// Clearing out stuff for savegames // Clearing out stuff for savegames
void P_RemoveSavegameMobj(mobj_t *mobj) void P_RemoveSavegameMobj(mobj_t *mobj)
{
// unlink from sector and block lists
if (((thinker_t *)mobj)->function.acp1 == (actionf_p1)P_NullPrecipThinker)
{
P_UnsetPrecipThingPosition((precipmobj_t *)mobj);
if (precipsector_list)
{
P_DelPrecipSeclist(precipsector_list);
precipsector_list = NULL;
}
}
else
{ {
// unlink from sector and block lists // unlink from sector and block lists
P_UnsetThingPosition(mobj); P_UnsetThingPosition(mobj);
@ -10306,12 +10319,13 @@ void P_RemoveSavegameMobj(mobj_t *mobj)
P_DelSeclist(sector_list); P_DelSeclist(sector_list);
sector_list = NULL; sector_list = NULL;
} }
}
// stop any playing sound // stop any playing sound
S_StopSound(mobj); S_StopSound(mobj);
// free block // free block
P_RemoveThinker((thinker_t *)mobj); P_RemoveThinkerDelayed((thinker_t *)mobj); // Call directly here since we are calling P_InitThinkers
R_RemoveMobjInterpolator(mobj); R_RemoveMobjInterpolator(mobj);
} }
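Review bot: After the new precip branch, `S_StopSound(mobj)` and `R_RemoveMobjInterpolator(mobj)` still run on a pointer that may really be a `precipmobj_t` cast to `mobj_t *`, because P_NetUnArchiveThinkers now routes P_NullPrecipThinker thinkers into this function. Neither callee is visible here, so it cannot be confirmed that they only compare the pointer; if `precipmobj_t` is a shorter struct than `mobj_t` and either callee reads a field past its end, that is an out-of-bounds read on the very load path this commit is hardening. Consider moving both calls into the `else` branch, or state the contract above the function, e.g. `// mobj may be a precipmobj_t cast to mobj_t *; only the shared leading fields are valid outside the else branch`. `P_RemoveThinkerDelayed` is also not shown; if it can return without freeing (for instance while references remain), the object would outlive the thinker list reset, which is worth checking.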


@ -2166,6 +2166,12 @@ static void LoadMobjThinker(actionf_p1 thinker)
mobj->player->viewz = mobj->player->mo->z + mobj->player->viewheight; mobj->player->viewz = mobj->player->mo->z + mobj->player->viewheight;
} }
if (mobj->type == MT_SKYBOX)
if (mobj->spawnpoint->options & MTF_OBJECTSPECIAL)
skyboxmo[1] = mobj;
else
skyboxmo[0] = mobj;
P_AddThinker(&mobj->thinker); P_AddThinker(&mobj->thinker);
if (diff2 & MD2_WAYPOINTCAP) if (diff2 & MD2_WAYPOINTCAP)
@ -2666,7 +2672,7 @@ static void P_NetUnArchiveThinkers(void)
{ {
next = currentthinker->next; next = currentthinker->next;
if (currentthinker->function.acp1 == (actionf_p1)P_MobjThinker) if (currentthinker->function.acp1 == (actionf_p1)P_MobjThinker || currentthinker->function.acp1 == (actionf_p1)P_NullPrecipThinker)
P_RemoveSavegameMobj((mobj_t *)currentthinker); // item isn't saved, don't remove it P_RemoveSavegameMobj((mobj_t *)currentthinker); // item isn't saved, don't remove it
else else
Z_Free(currentthinker); Z_Free(currentthinker);
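Review bot: The added skybox block in LoadMobjThinker dereferences `mobj->spawnpoint` without a null check, on a path where the mobj is being rebuilt from netgame save data. Whether spawnpoint is always populated for MT_SKYBOX is not visible in the hunk; if it can be absent, a joining client would crash on load. The guard is one line, `if (mobj->type == MT_SKYBOX && mobj->spawnpoint)`, and the inner if/else should get braces so the `else` binding is explicit. LoadMobjThinker's body starts and ends outside the hunk.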