From 96913c4a479ad642d7759590d652b56a482ee2ee Mon Sep 17 00:00:00 2001 From: Inuyasha Date: Wed, 20 Jan 2016 01:13:21 -0800 Subject: [PATCH] objectplace stability fix Objectplace reallocates the mapthings list to add one more mapthing. By itself there's no problem with this. But, mobj->spawnpoint is a pointer to the mapthing's location in the mapthings list. So by reallocating the mapthings list, all references to mobj->spawnpoints point to freed memory. ... Oops. Now when objectplace reallocates the mapthings list it actually corrects the locations of all mobj's spawnpoints to point to the new list. Hooray, you can use NiGHTS objectplace again if you really want to. --- src/m_cheat.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/m_cheat.c b/src/m_cheat.c index 4da9b3ba7..6eaf31c4a 100644 --- a/src/m_cheat.c +++ b/src/m_cheat.c @@ -880,12 +880,33 @@ static boolean OP_HeightOkay(player_t *player, UINT8 ceiling) static mapthing_t *OP_CreateNewMapThing(player_t *player, UINT16 type, boolean ceiling) { - mapthing_t *mt; + mapthing_t *mt = mapthings; + #ifdef HAVE_BLUA LUA_InvalidateMapthings(); #endif mapthings = Z_Realloc(mapthings, ++nummapthings * sizeof (*mapthings), PU_LEVEL, NULL); + + // as Z_Realloc can relocate mapthings, quickly go through thinker list and correct + // the spawnpoints of any objects that have them to the new location + if (mt != mapthings) + { + thinker_t *th; + mobj_t *mo; + + for (th = thinkercap.next; th != &thinkercap; th = th->next) + { + if (th->function.acp1 != (actionf_p1)P_MobjThinker) + continue; + + mo = (mobj_t *)th; + // get offset from mt, which points to old mapthings, then add new location + if (mo->spawnpoint) + mo->spawnpoint = (mo->spawnpoint - mt) + mapthings; + } + } + mt = (mapthings+nummapthings-1); mt->type = type;