zdoom/raze-gles
0
0
Fork 0
mirror of https://github.com/ZDoom/raze-gles.git synced 2025-01-27 09:20:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix off-by-one error in CON_DEFINESOUND and null pointer arithmetic in CON_CASE and CON_DEFAULT (!)

Browse source 
git-svn-id: https://svn.eduke32.com/eduke32@7033 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
terminx 2018-10-07 05:22:46 +00:00
parent e6039031fe
commit 33f57d4bb6
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
source/duke3d/src/gamedef.cpp
View file

@ -5068,7 +5068,6 @@ DO_DEFSTATE:
g_checkingSwitch++; // allow nesting (if other things work) g_checkingSwitch++; // allow nesting (if other things work)
C_GetNextVar(); C_GetNextVar();
intptr_t *tempscrptr= g_scriptPtr;
tempoffset = (unsigned)(g_scriptPtr-apScript); tempoffset = (unsigned)(g_scriptPtr-apScript);
BITPTR_CLEAR(g_scriptPtr-apScript); BITPTR_CLEAR(g_scriptPtr-apScript);
*g_scriptPtr++=0; // leave spot for end location (for after processing) *g_scriptPtr++=0; // leave spot for end location (for after processing)
@ -5086,7 +5085,7 @@ DO_DEFSTATE:
g_scriptPtr+=j*2; g_scriptPtr+=j*2;
C_SkipComments(); C_SkipComments();
g_scriptPtr-=j*2; // allocate buffer for the table g_scriptPtr-=j*2; // allocate buffer for the table
tempscrptr = (intptr_t *)(apScript+tempoffset); intptr_t *tempscrptr = (intptr_t *)(apScript+tempoffset);
//AddLog(g_szBuf); //AddLog(g_szBuf);
@ -5188,7 +5187,7 @@ DO_DEFSTATE:
} }
intptr_t tempoffset = 0; intptr_t tempoffset = 0;
intptr_t *tempscrptr = NULL; intptr_t *tempscrptr = g_scriptPtr;
g_checkingCase++; g_checkingCase++;
repeatcase: repeatcase:
@ -6083,7 +6082,7 @@ repeatcase:
j = hash_find(&h_labels,tempbuf); j = hash_find(&h_labels,tempbuf);
k = *(g_scriptPtr-1); k = *(g_scriptPtr-1);
if (EDUKE32_PREDICT_FALSE((unsigned)k >= MAXSOUNDS)) if (EDUKE32_PREDICT_FALSE((unsigned)k >= MAXSOUNDS-1))
{ {
initprintf("%s:%d: error: exceeded sound limit of %d.\n",g_scriptFileName,g_lineNumber,MAXSOUNDS); initprintf("%s:%d: error: exceeded sound limit of %d.\n",g_scriptFileName,g_lineNumber,MAXSOUNDS);
g_errorCnt++; g_errorCnt++;