From d6346fb0c6987a5bad559fee5b4a61b5270070dd Mon Sep 17 00:00:00 2001 From: "alexey.lysiuk" Date: Mon, 3 Oct 2016 21:44:00 +0300 Subject: [PATCH 1/3] Fixed compilation with GCC or Clang --- src/g_shared/sbarinfo_commands.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/g_shared/sbarinfo_commands.cpp b/src/g_shared/sbarinfo_commands.cpp index 13c98d833..d105ab818 100644 --- a/src/g_shared/sbarinfo_commands.cpp +++ b/src/g_shared/sbarinfo_commands.cpp @@ -1187,12 +1187,12 @@ class CommandDrawNumber : public CommandDrawString if (!(cvartype == CVAR_Bool || cvartype == CVAR_Int)) { - sc.ScriptMessage("CVar '%s' is not an int or bool", cvarName); + sc.ScriptMessage("CVar '%s' is not an int or bool", cvarName.GetChars()); } } else { - sc.ScriptMessage("CVar '%s' does not exist", cvarName); + sc.ScriptMessage("CVar '%s' does not exist", cvarName.GetChars()); } if (parenthesized) sc.MustGetToken(')'); From 594b344be9a91bcd1da6bebb8b3047069554b8de Mon Sep 17 00:00:00 2001 From: Marisa Heit Date: Mon, 3 Oct 2016 22:00:49 -0500 Subject: [PATCH 2/3] Don't use MIN when clamping topclip. - This was fine with fixed point numbers, since they could never be outside of short range when converted to regular ints. With floating point numbers now, that condition no longer holds. --- src/r_things.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/r_things.cpp b/src/r_things.cpp index a45a6826a..179ffec97 100644 --- a/src/r_things.cpp +++ b/src/r_things.cpp @@ -2097,7 +2097,7 @@ void R_DrawSprite (vissprite_t *spr) { // seen below floor: clip top if (!spr->bIsVoxel && h > topclip) { - topclip = MIN (h, viewheight); + topclip = short(MIN(h, viewheight)); } hzt = MIN(hzt, hz); } @@ -2127,7 +2127,7 @@ void R_DrawSprite (vissprite_t *spr) { // seen in the middle: clip top if (!spr->bIsVoxel && h > topclip) { - topclip = MIN (h, viewheight); + topclip = MIN(h, viewheight); } hzt = MIN(hzt, hz); } 
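Review bot: Nothing visible in this hunk guards `sc.ScriptMessage` against the `%s` argument mismatch that the two changed lines correct, so the same mistake can return at any other call site. Passing a string object through `...` is undefined behaviour that some compilers accept without a diagnostic, which is presumably how the original lines got in. If the declaration of `ScriptMessage` (outside this diff) does not already carry a printf-style format attribute, adding one would make GCC and Clang check every call. The enclosing method of `CommandDrawNumber` starts and ends outside the hunk.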
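Review bot: The "seen in the middle: clip top" hunk at -2127 ends up as `topclip = MIN(h, viewheight);` with only the spacing changed, so that branch does not get the `short(...)` conversion applied at -2097, -2181 and -2204; unless that is deliberate, it should read `topclip = short(MIN(h, viewheight));` like the others. Note also that `short(...)` narrows rather than clamps. The result stays in range only because `h > topclip` bounds it from below and `viewheight` bounds it from above, which assumes `viewheight` itself fits in a short (its declaration is not visible here). A comment such as `// h > topclip and viewheight fits in short, so this narrowing cannot wrap` at each assignment would record that assumption for whoever touches the clip bounds next. `R_DrawSprite` starts and ends outside all four hunks.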
@@ -2181,7 +2181,7 @@ void R_DrawSprite (vissprite_t *spr) int h = xs_RoundToInt(CenterY - (hz - ViewPos.Z) * scale); if (h > topclip) { - topclip = MIN(h, viewheight); + topclip = short(MIN(h, viewheight)); } } hzt = MIN(hzt, sclipTop); @@ -2204,7 +2204,7 @@ void R_DrawSprite (vissprite_t *spr) h = (centeryfrac - FixedMul (h-viewz, scale)) >> FRACBITS; if (h > topclip) { - topclip = MIN (h, viewheight); + topclip = short(MIN(h, viewheight)); } } #endif From 15cbf4bae66359a3ffe9eb2b20b30ca31df39768 Mon Sep 17 00:00:00 2001 From: Christoph Oelckers Date: Tue, 4 Oct 2016 09:28:19 +0200 Subject: [PATCH 3/3] - fixed: DecoHandleRuntimeState must check all parent classes when trying to determine if the target is a valid state. It should also ensure that both the calling and target state belong to the same actor. Although unlikely it cannot be entirely ruled out that a bogus index randomly points to a seemingly valid state elsewhere. --- src/thingdef/thingdef_expression.cpp | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/thingdef/thingdef_expression.cpp b/src/thingdef/thingdef_expression.cpp index 700ac94bb..c2b2d25e6 100644 --- a/src/thingdef/thingdef_expression.cpp +++ b/src/thingdef/thingdef_expression.cpp 
@@ -4956,6 +4956,25 @@ FxExpression *FxRuntimeStateIndex::Resolve(FCompileContext &ctx) return this; } +static bool VerifyJumpTarget(AActor *stateowner, FStateParamInfo *stateinfo, int index) +{ + PClassActor *cls = stateowner->GetClass(); + + while (cls != RUNTIME_CLASS(AActor)) + { + // both calling and target state need to belong to the same class. + if (cls->OwnsState(stateinfo->mCallingState)) + { + return cls->OwnsState(stateinfo->mCallingState + index); + } + + // We can safely assume the ParentClass is of type PClassActor + // since we stop when we see the Actor base class. + cls = static_cast(cls->ParentClass); + } + return false; +} + static int DecoHandleRuntimeState(VMFrameStack *stack, VMValue *param, int numparam, VMReturn *ret, int numret) { PARAM_PROLOGUE; @@ -4963,7 +4982,7 @@ static int DecoHandleRuntimeState(VMFrameStack *stack, VMValue *param, int numpa PARAM_POINTER(stateinfo, FStateParamInfo); PARAM_INT(index); - if (index == 0 || !stateowner->GetClass()->OwnsState(stateinfo->mCallingState + index)) + if (index == 0 || !VerifyJumpTarget(stateowner, stateinfo, index)) { // Null is returned if the location was invalid which means that no jump will be performed // if used as return value
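Review bot: `VerifyJumpTarget` computes `stateinfo->mCallingState + index` from the script-supplied `index` before anything has bounded it, so for a bogus index the pointer arithmetic is already outside the owning class's state array by the time `OwnsState` sees it. The check would be sturdier if it compared the calling state's offset plus `index` against that class's state count, rather than passing a computed pointer. The loop also stops at `RUNTIME_CLASS(AActor)` without testing it, so a calling state owned by the base actor class always yields `false`; if that is intended, say so with a comment such as `// states owned by AActor itself are never accepted as jump sources`. `stateowner` and `stateinfo` are dereferenced without a null check, and whether the `PARAM_` macros in `DecoHandleRuntimeState` (partly outside the second hunk) guarantee non-null is not visible here.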