From 4b44063853b558a9a32d76b2e855389fa785c4ee Mon Sep 17 00:00:00 2001 From: helixhorned Date: Mon, 12 Aug 2013 15:18:18 +0000 Subject: [PATCH] Fix taking address out of bounds of stack'd array, introduced in r3983. Clang's UBSan reports this as undefined behavior. I think that the reason is as follows: C99 6.5.3.2#1 (Constraints) says: The operand of the unary & operator shall be either a function designator, the result of a [] or unary * operator, or an lvalue that designates an object that is not a bit-field and is not declared with the register storage-class specifier. But in case of an expression like "&array[-1]", the operand ("array[-1]") does not designate a valid object. Moral: check first -- assure that an expression is valid for a particular operation before carrying it out. Keep in mind that otherwise, the compiler is absolutely free to optimize out the *check*. git-svn-id: https://svn.eduke32.com/eduke32@4014 1a8010ca-5511-0410-912e-c29ae57300e0 --- polymer/eduke32/source/game.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/polymer/eduke32/source/game.c b/polymer/eduke32/source/game.c index 8e78f4938..5b4b0b0dc 100644 --- a/polymer/eduke32/source/game.c +++ b/polymer/eduke32/source/game.c @@ -4270,11 +4270,13 @@ static void G_OROR_DupeSprites(void) // dupe the sprites touching the portal to the other sector // viewing from bottom int32_t k; - spritetype *sp = &sprite[ror_sprite]; + spritetype *sp; if ((unsigned) ror_sprite >= MAXSPRITES || drawing_ror != 1) return; + sp = &sprite[ror_sprite]; + for (k = headspritesect[sp->sectnum]; k != -1; k = nextspritesect[k]) { if (sprite[k].picnum != SECTOREFFECTOR && (sprite[k].z >= sp->z))
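Review bot: the hunk fixes the ordering correctly (the guard `if ((unsigned) ror_sprite >= MAXSPRITES || drawing_ror != 1) return;` now runs before `sp = &sprite[ror_sprite];`, and the unsigned cast also rejects negative indices), but nothing in the code records why the declaration and the assignment were split. A later tidy-up that merges them back into `spritetype *sp = &sprite[ror_sprite];` would silently reintroduce the undefined behaviour described in the commit message, so add a one-line comment above `sp = &sprite[ror_sprite];` stating that the address may only be formed after the range check.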
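The commit message's rule ("check first") in a stand-alone form. This is an added example, not code from the EDuke32 tree or from the commit; the `spritetype` layout, the `MAXSPRITES` value and the function names are assumptions chosen only so the pattern can be compiled and run on its own. It places the "before" shape next to the fixed shape and shows the lookup that validates the index before forming the address:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed for this example; the real game defines its own table size. */
#define MAXSPRITES 16384

/* Minimal stand-in for the game's sprite record (assumed layout). */
typedef struct {
    int32_t sectnum;
    int32_t z;
} spritetype;

static spritetype sprite[MAXSPRITES];

/* The shape the commit removed: the address &sprite[idx] is formed before
 * idx is validated. For idx == -1 or idx >= MAXSPRITES the subscript
 * designates no object, so forming the address is already undefined
 * behaviour, and an optimizer is entitled to conclude that idx must be
 * in range and drop the comparison that follows. Kept here only to show
 * the "before" shape; never call it with an out-of-range index. */
static spritetype *sprite_lookup_address_first(int32_t idx)
{
    spritetype *sp = &sprite[idx];          /* UB when idx is out of range */
    if ((unsigned)idx >= MAXSPRITES)
        return NULL;                         /* may be optimized away */
    return sp;
}

/* One comparison rejects both negative values and values >= MAXSPRITES:
 * the unsigned conversion maps every negative int32_t to a large number. */
static int sprite_index_valid(int32_t idx)
{
    return (unsigned)idx < MAXSPRITES;
}

/* The fixed shape: validate, then form the address. No expression here is
 * evaluated on an out-of-range index, so there is nothing for the compiler
 * to "assume away". */
static spritetype *sprite_lookup_checked(int32_t idx)
{
    if (!sprite_index_valid(idx))
        return NULL;
    return &sprite[idx];
}

int main(void)
{
    const int32_t probes[] = { -1, 0, 5, MAXSPRITES - 1, MAXSPRITES, INT32_MIN };
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        spritetype *sp = sprite_lookup_checked(probes[i]);
        printf("index %11d -> %s\n", (int)probes[i],
               sp ? "valid, address formed after the check" : "rejected");
    }

    /* Build with `cc -fsanitize=undefined -g` and the line below is the one
     * UBSan reports, for the same reason the commit message gives. It is
     * here only to reproduce that report; the checked lookup above is the
     * pattern to use. */
    (void)sprite_lookup_address_first(-1);
    return 0;
}
```

The `(unsigned)idx < MAXSPRITES` idiom is the same one the patch relies on; it is valid because the conversion of a negative `int32_t` to `unsigned` is well defined (modular), unlike forming a pointer one element before the array.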