From fc16ac6bd2d05cba8a2d057994b097e95bae28a0 Mon Sep 17 00:00:00 2001
From: Zack Middleton
Date: Sun, 4 Feb 2018 09:07:44 -0600
Subject: [PATCH] Fix invalid access to cluster 0 in AAS_AreaRouteToGoalArea()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Newer versions of BSPC such as 2.1h included with the Quake 3 GPL source code create AAS files containing areas in cluster 0 if the area has no reachabilities. The AAS files included with Quake 3 and Team Arena do not contain areas in cluster 0. It's apparent that BSPC would not create them. Instead it created clusters with no reachability areas.

It seems the intention was to check if the areanum and goalareanum have reachable areas using AAS_AreaReachability(areanum) everywhere before calling AAS_AreaRouteToGoalArea(). This prevents adding cluster 0 to the routing cache and portal cache. However, it is not checked everywhere, including some places in the Game VM. Fix AAS_AreaRouteToGoalArea() instead of trying to whack-a-mole with all the places that call it.

Cluster 0 access reported by Thomas Köppe (github @tkoeppe) as causing crashes in rare cases.
---
 code/botlib/be_aas_route.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/code/botlib/be_aas_route.c b/code/botlib/be_aas_route.c
index bad375d4..7bdc9f22 100644
--- a/code/botlib/be_aas_route.c
+++ b/code/botlib/be_aas_route.c
@@ -1603,7 +1603,7 @@ int AAS_AreaRouteToGoalArea(int areanum, vec3_t origin, int goalareanum, int tra *reachnum = 0; return qtrue; } - // + //check !AAS_AreaReachability(areanum) with custom developer-only debug message if (areanum <= 0 || areanum >= aasworld.numareas) { if (botDeveloper) 
@@ -1620,6 +1620,10 @@ int AAS_AreaRouteToGoalArea(int areanum, vec3_t origin, int goalareanum, int tra } //end if return qfalse; } //end if + if (!aasworld.areasettings[areanum].numreachableareas || !aasworld.areasettings[goalareanum].numreachableareas) + { + return qfalse; + } //end if // make sure the routing cache doesn't grow to large while(AvailableMemory() < 1 * 1024 * 1024) { if (!AAS_FreeOldestCache()) break;
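Review bot: the comment added in the first hunk, `//check !AAS_AreaReachability(areanum) with custom developer-only debug message`, sits directly above `if (areanum <= 0 || areanum >= aasworld.numareas)`, which is a bounds check on areanum rather than a reachability check, so the comment describes a different condition than the one it annotates. Either reword it to say what this check does (rejects an out-of-range area, with a botDeveloper-only message), or move it down to the `numreachableareas` check in the second hunk, which is the test that actually stands in for AAS_AreaReachability().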
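Review bot: the new early return in the second hunk indexes `aasworld.areasettings[goalareanum]`, but the only range check visible in the patch is the one on areanum in the first hunk; the `} //end if return qfalse; } //end if` context suggests a second check precedes the insertion, but its condition is not in the hunk, so please confirm that goalareanum is checked against `aasworld.numareas` before this point, otherwise the fix would itself read out of bounds for a bad goal area. Also, unlike the checks above it, the added `return qfalse;` is silent; since the commit message says callers that skip AAS_AreaReachability() are still being found, a botDeveloper-gated message naming the unreachable area, in the same style as the range checks above, would make those callers much easier to locate.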