From 2501dc6df68e749094b4517a48c81f9a7b4fe1d2 Mon Sep 17 00:00:00 2001 From: Edoardo Prezioso Date: Mon, 13 Jan 2014 01:48:31 +0100 Subject: [PATCH] Fixed signed overflow issue, which caused a non-intended aggressive optimization by GCC 4.8. Also, negative values of the 'limit' parameter in both ACS UniqueTID() and in 'utid' CCMD are ignored and replaced by 0. --- src/p_acs.cpp | 2 +- src/p_mobj.cpp | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/p_acs.cpp b/src/p_acs.cpp index 582385c48..962b70049 100644 --- a/src/p_acs.cpp +++ b/src/p_acs.cpp @@ -4933,7 +4933,7 @@ int DLevelScript::CallFunction(int argCount, int funcIndex, SDWORD *args, const break; case ACSF_UniqueTID: - return P_FindUniqueTID(argCount > 0 ? args[0] : 0, argCount > 1 ? args[1] : 0); + return P_FindUniqueTID(argCount > 0 ? args[0] : 0, (argCount > 1 && args[1] >= 0) ? args[1] : 0); case ACSF_IsTIDUsed: return P_IsTIDUsed(args[0]); diff --git a/src/p_mobj.cpp b/src/p_mobj.cpp index 03bbb4d8d..6602a11a5 100644 --- a/src/p_mobj.cpp +++ b/src/p_mobj.cpp @@ -2722,12 +2722,16 @@ int P_FindUniqueTID(int start_tid, int limit) if (start_tid != 0) { // Do a linear search. - limit = start_tid + limit - 1; - if (limit < start_tid) - { // If it overflowed, clamp to INT_MAX - limit = INT_MAX; + int end_tid = start_tid; + if (start_tid > 0 && limit > INT_MAX - start_tid + 1) + { // If 'limit+start_tid-1' overflows, clamp 'end_tid' to INT_MAX + end_tid = INT_MAX; } - for (tid = start_tid; tid <= limit; ++tid) + else + { + end_tid += limit-1; + } + for (tid = start_tid; tid <= end_tid; ++tid) { if (tid != 0 && !P_IsTIDUsed(tid)) { @@ -2765,7 +2769,7 @@ CCMD(utid) { Printf("%d\n", P_FindUniqueTID(argv.argc() > 1 ? atoi(argv[1]) : 0, - argv.argc() > 2 ? atoi(argv[2]) : 0)); + (argv.argc() > 2 && atoi(argv[2]) >= 0) ? atoi(argv[2]) : 0)); } //==========================================================================