From 9013ceeacc9660fbe4f3dd2249a061dc77211929 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustaf=20Alh=C3=A4ll?= <gustaf@hanicef.me>
Date: Wed, 1 Nov 2023 17:31:17 +0100
Subject: [PATCH 1/2] Fix buffer overflow when when fetching typenames on
 freeslots

---
 src/p_tick.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/p_tick.c b/src/p_tick.c
index 444b68d2f..b0155d780 100644
--- a/src/p_tick.c
+++ b/src/p_tick.c
@@ -236,6 +236,8 @@ static const char *MobjTypeName(const mobj_t *mobj)
 	{
 		if (mobj->thinker.debug_mobjtype != MT_NULL)
 		{
+			if (mobj->thinker.debug_mobjtype >= MT_FIRSTFREESLOT)
+				return "MT_FREESLOT";
 			return MOBJTYPE_LIST[mobj->thinker.debug_mobjtype];
 		}
 	}

From 7e8c0d87a2d616e5e916b230623a44c1248164ce Mon Sep 17 00:00:00 2001
From: Zwip-Zwap Zapony <zwipzwapzapony@gmail.com>
Date: Thu, 2 Nov 2023 21:21:05 +0000
Subject: [PATCH 2/2] Return freeslot name instead of MT_FREESLOT (thanks
 Zwip-Zwap_Zapony)

---
 src/p_tick.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/src/p_tick.c b/src/p_tick.c
index b0155d780..1c658bc1e 100644
--- a/src/p_tick.c
+++ b/src/p_tick.c
@@ -226,23 +226,22 @@ void P_AddThinker(const thinklistnum_t n, thinker_t *thinker)
 #ifdef PARANOIA
 static const char *MobjTypeName(const mobj_t *mobj)
 {
+	mobjtype_t type;
 	actionf_p1 p1 = mobj->thinker.function.acp1;
 
 	if (p1 == (actionf_p1)P_MobjThinker)
-	{
-		return MOBJTYPE_LIST[mobj->type];
-	}
-	else if (p1 == (actionf_p1)P_RemoveThinkerDelayed)
-	{
-		if (mobj->thinker.debug_mobjtype != MT_NULL)
-		{
-			if (mobj->thinker.debug_mobjtype >= MT_FIRSTFREESLOT)
-				return "MT_FREESLOT";
-			return MOBJTYPE_LIST[mobj->thinker.debug_mobjtype];
-		}
-	}
+		type = mobj->type;
+	else if (p1 == (actionf_p1)P_RemoveThinkerDelayed && mobj->thinker.debug_mobjtype != MT_NULL)
+		type = mobj->thinker.debug_mobjtype;
+	else
+		return "<Not a mobj>";
 
-	return "<Not a mobj>";
+	if (type < 0 || type >= NUMMOBJTYPES || (type >= MT_FIRSTFREESLOT && !FREE_MOBJS[type - MT_FIRSTFREESLOT]))
+		return "<Invalid mobj type>";
+	else if (type >= MT_FIRSTFREESLOT)
+		return FREE_MOBJS[type - MT_FIRSTFREESLOT]; // This doesn't include "MT_"...
+	else
+		return MOBJTYPE_LIST[type];
 }
 
 static const char *MobjThinkerName(const mobj_t *mobj)