From 33f57d4bb625eaa87f3d8dd5aacf4c7bb585b832 Mon Sep 17 00:00:00 2001
From: terminx
Date: Sun, 7 Oct 2018 05:22:46 +0000
Subject: [PATCH] Fix off-by-one error in CON_DEFINESOUND and null pointer arithmetic in CON_CASE and CON_DEFAULT (!)
git-svn-id: https://svn.eduke32.com/eduke32@7033 1a8010ca-5511-0410-912e-c29ae57300e0
---
 source/duke3d/src/gamedef.cpp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/source/duke3d/src/gamedef.cpp b/source/duke3d/src/gamedef.cpp
index a325143e2..053617570 100644
--- a/source/duke3d/src/gamedef.cpp
+++ b/source/duke3d/src/gamedef.cpp
@@ -5068,7 +5068,6 @@ DO_DEFSTATE:
 g_checkingSwitch++; // allow nesting (if other things work)
 C_GetNextVar();
- intptr_t *tempscrptr= g_scriptPtr;
 tempoffset = (unsigned)(g_scriptPtr-apScript);
 BITPTR_CLEAR(g_scriptPtr-apScript);
 *g_scriptPtr++=0; // leave spot for end location (for after processing)
@@ -5086,7 +5085,7 @@ DO_DEFSTATE:
 g_scriptPtr+=j*2;
 C_SkipComments();
 g_scriptPtr-=j*2; // allocate buffer for the table
- tempscrptr = (intptr_t *)(apScript+tempoffset);
+ intptr_t *tempscrptr = (intptr_t *)(apScript+tempoffset);
 //AddLog(g_szBuf);
@@ -5188,7 +5187,7 @@ DO_DEFSTATE:
 }
 intptr_t tempoffset = 0;
- intptr_t *tempscrptr = NULL;
+ intptr_t *tempscrptr = g_scriptPtr;
 g_checkingCase++;
 repeatcase:
@@ -6083,7 +6082,7 @@ repeatcase:
 j = hash_find(&h_labels,tempbuf);
 k = *(g_scriptPtr-1);
- if (EDUKE32_PREDICT_FALSE((unsigned)k >= MAXSOUNDS))
+ if (EDUKE32_PREDICT_FALSE((unsigned)k >= MAXSOUNDS-1))
 {
 initprintf("%s:%d: error: exceeded sound limit of %d.\n",g_scriptFileName,g_lineNumber,MAXSOUNDS);
 g_errorCnt++;
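Review bot: In the hunk at `@@ -5188,7 +5187,7 @@`, seeding `tempscrptr` with `g_scriptPtr` removes the null-pointer arithmetic but leaves a live pointer into the script buffer, so if a `case`/`default` can be parsed with no enclosing `switch`, a later store through it would silently overwrite compiled script data where the old `NULL` would have faulted. The uses of `tempscrptr` after `repeatcase:` are outside the hunk, so this is inferred; if they are not already gated, a guard such as `if (EDUKE32_PREDICT_FALSE(g_checkingSwitch == 0)) { /* report the error and skip the table update */ }` before the first use would keep malformed CON input away from the write. The hunk at `@@ -5086,7 +5085,7 @@` re-derives the same pointer as `apScript+tempoffset`, which suggests the script buffer can move; if it can, a pointer captured before `repeatcase:` may go stale, and deriving it from `tempoffset` at the point of use would be safer.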
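Review bot: In the hunk at `@@ -6083,7 +6082,7 @@`, the tightened test `(unsigned)k >= MAXSOUNDS-1` now rejects index `MAXSOUNDS-1`, yet the `initprintf` call below still prints `MAXSOUNDS` as the limit, so the diagnostic names a bound one higher than the parser accepts. Passing `MAXSOUNDS-1` as the last format argument would keep the message truthful. Because `k` appears to be taken from the script being compiled (`k = *(g_scriptPtr-1)`), this comparison is the bounds guard for the sound table, and a short comment stating why the last slot is excluded, for example `// MAXSOUNDS-1 is rejected here because <reason the last slot is unavailable>`, would stop a later cleanup from "fixing" it back to `MAXSOUNDS`. The table's declaration and the code after `g_errorCnt++` are outside the hunk, so it should be confirmed that a rejected `k` is not still used as an index afterwards.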