mirror of
https://github.com/DrBeef/Raze.git
synced 2024-11-15 17:01:51 +00:00
Fix a couple of out-of-bounds accesses when roaming around with noclip.
- guard cansee() against negative sectnums (return 0 immediately), since it's often called with the player sectnum as one argument - in resetpspritevars(), don't inset APLAYER sprite if sectnum < 0, which can happen if a map is started in void space accidentally (e.g. from the editor) - two checks before accessing sector[] with a player sectnum git-svn-id: https://svn.eduke32.com/eduke32@2342 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
5f506ec0f6
commit
53d9264f92
4 changed files with 15 additions and 6 deletions
|
@ -10822,6 +10822,10 @@ int32_t cansee(int32_t x1, int32_t y1, int32_t z1, int16_t sect1, int32_t x2, in
|
|||
int32_t cfz1[2], cfz2[2]; // both wrt dasectnum
|
||||
int16_t bn[2];
|
||||
|
||||
// invalid sectnums can happen, for example if the player is using noclip
|
||||
if (sect1 < 0 || sect2 < 0)
|
||||
return 0;
|
||||
|
||||
Bmemset(&pendingvec, 0, sizeof(vec3_t)); // compiler-happy
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1041,18 +1041,21 @@ void A_MoveDummyPlayers(void)
|
|||
|
||||
while (i >= 0)
|
||||
{
|
||||
int32_t psectnum;
|
||||
|
||||
nexti = nextspritestat[i];
|
||||
|
||||
p = sprite[OW].yvel;
|
||||
psectnum = g_player[p].ps->cursectnum;
|
||||
|
||||
if (g_player[p].ps->on_crane >= 0 || (g_player[p].ps->cursectnum >= 0 && sector[g_player[p].ps->cursectnum].lotag != 1) || sprite[g_player[p].ps->i].extra <= 0)
|
||||
if (g_player[p].ps->on_crane >= 0 || (psectnum >= 0 && sector[psectnum].lotag != 1) || sprite[g_player[p].ps->i].extra <= 0)
|
||||
{
|
||||
g_player[p].ps->dummyplayersprite = -1;
|
||||
KILLIT(i);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (g_player[p].ps->on_ground && g_player[p].ps->on_warping_sector == 1 && sector[g_player[p].ps->cursectnum].lotag == 1)
|
||||
if (g_player[p].ps->on_ground && g_player[p].ps->on_warping_sector == 1 && psectnum >= 0 && sector[psectnum].lotag == 1)
|
||||
{
|
||||
CS = 257;
|
||||
SZ = sector[SECT].ceilingz+(27<<8);
|
||||
|
@ -2833,7 +2836,6 @@ ACTOR_STATIC void G_MoveWeapons(void)
|
|||
}
|
||||
else
|
||||
{
|
||||
|
||||
// here
|
||||
switch (DYNAMICTILEMAP(s->picnum))
|
||||
{
|
||||
|
|
|
@ -1581,8 +1581,11 @@ static void resetpspritevars(char g)
|
|||
uint8_t aimmode[MAXPLAYERS],autoaim[MAXPLAYERS],weaponswitch[MAXPLAYERS];
|
||||
DukeStatus_t tsbar[MAXPLAYERS];
|
||||
|
||||
A_InsertSprite(g_player[0].ps->cursectnum,g_player[0].ps->pos.x,g_player[0].ps->pos.y,g_player[0].ps->pos.z,
|
||||
APLAYER,0,0,0,g_player[0].ps->ang,0,0,0,10);
|
||||
if (g_player[0].ps->cursectnum >= 0) // < 0 may happen if we start a map in void space (e.g. testing it)
|
||||
{
|
||||
A_InsertSprite(g_player[0].ps->cursectnum,g_player[0].ps->pos.x,g_player[0].ps->pos.y,g_player[0].ps->pos.z,
|
||||
APLAYER,0,0,0,g_player[0].ps->ang,0,0,0,10);
|
||||
}
|
||||
|
||||
if (ud.recstat != 2)
|
||||
TRAVERSE_CONNECT(i)
|
||||
|
|
|
@ -3208,7 +3208,7 @@ void P_CheckSectors(int32_t snum)
|
|||
return;
|
||||
|
||||
if (neartagsprite == -1 && neartagwall == -1)
|
||||
if (sector[p->cursectnum].lotag == 2)
|
||||
if (p->cursectnum >= 0 && sector[p->cursectnum].lotag == 2)
|
||||
{
|
||||
oldz = A_CheckHitSprite(p->i,&neartagsprite);
|
||||
if (oldz > 1280) neartagsprite = -1;
|
||||
|
|
Loading…
Reference in a new issue