Fix a couple of out-of-bounds accesses when roaming around with noclip.

- guard cansee() against negative sectnums (return 0 immediately), since
  it's often called with the player sectnum as one argument
- in resetpspritevars(), don't inset APLAYER sprite if sectnum < 0, which
  can happen if a map is started in void space accidentally (e.g. from
  the editor)
- two checks before accessing sector[] with a player sectnum

git-svn-id: https://svn.eduke32.com/eduke32@2342 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
helixhorned 2012-02-14 23:13:38 +00:00
parent 5f506ec0f6
commit 53d9264f92
4 changed files with 15 additions and 6 deletions

View file

@ -10822,6 +10822,10 @@ int32_t cansee(int32_t x1, int32_t y1, int32_t z1, int16_t sect1, int32_t x2, in
int32_t cfz1[2], cfz2[2]; // both wrt dasectnum int32_t cfz1[2], cfz2[2]; // both wrt dasectnum
int16_t bn[2]; int16_t bn[2];
// invalid sectnums can happen, for example if the player is using noclip
if (sect1 < 0 || sect2 < 0)
return 0;
Bmemset(&pendingvec, 0, sizeof(vec3_t)); // compiler-happy Bmemset(&pendingvec, 0, sizeof(vec3_t)); // compiler-happy
#endif #endif

View file

@ -1041,18 +1041,21 @@ void A_MoveDummyPlayers(void)
while (i >= 0) while (i >= 0)
{ {
int32_t psectnum;
nexti = nextspritestat[i]; nexti = nextspritestat[i];
p = sprite[OW].yvel; p = sprite[OW].yvel;
psectnum = g_player[p].ps->cursectnum;
if (g_player[p].ps->on_crane >= 0 || (g_player[p].ps->cursectnum >= 0 && sector[g_player[p].ps->cursectnum].lotag != 1) || sprite[g_player[p].ps->i].extra <= 0) if (g_player[p].ps->on_crane >= 0 || (psectnum >= 0 && sector[psectnum].lotag != 1) || sprite[g_player[p].ps->i].extra <= 0)
{ {
g_player[p].ps->dummyplayersprite = -1; g_player[p].ps->dummyplayersprite = -1;
KILLIT(i); KILLIT(i);
} }
else else
{ {
if (g_player[p].ps->on_ground && g_player[p].ps->on_warping_sector == 1 && sector[g_player[p].ps->cursectnum].lotag == 1) if (g_player[p].ps->on_ground && g_player[p].ps->on_warping_sector == 1 && psectnum >= 0 && sector[psectnum].lotag == 1)
{ {
CS = 257; CS = 257;
SZ = sector[SECT].ceilingz+(27<<8); SZ = sector[SECT].ceilingz+(27<<8);
@ -2833,7 +2836,6 @@ ACTOR_STATIC void G_MoveWeapons(void)
} }
else else
{ {
// here // here
switch (DYNAMICTILEMAP(s->picnum)) switch (DYNAMICTILEMAP(s->picnum))
{ {

View file

@ -1581,8 +1581,11 @@ static void resetpspritevars(char g)
uint8_t aimmode[MAXPLAYERS],autoaim[MAXPLAYERS],weaponswitch[MAXPLAYERS]; uint8_t aimmode[MAXPLAYERS],autoaim[MAXPLAYERS],weaponswitch[MAXPLAYERS];
DukeStatus_t tsbar[MAXPLAYERS]; DukeStatus_t tsbar[MAXPLAYERS];
if (g_player[0].ps->cursectnum >= 0) // < 0 may happen if we start a map in void space (e.g. testing it)
{
A_InsertSprite(g_player[0].ps->cursectnum,g_player[0].ps->pos.x,g_player[0].ps->pos.y,g_player[0].ps->pos.z, A_InsertSprite(g_player[0].ps->cursectnum,g_player[0].ps->pos.x,g_player[0].ps->pos.y,g_player[0].ps->pos.z,
APLAYER,0,0,0,g_player[0].ps->ang,0,0,0,10); APLAYER,0,0,0,g_player[0].ps->ang,0,0,0,10);
}
if (ud.recstat != 2) if (ud.recstat != 2)
TRAVERSE_CONNECT(i) TRAVERSE_CONNECT(i)

View file

@ -3208,7 +3208,7 @@ void P_CheckSectors(int32_t snum)
return; return;
if (neartagsprite == -1 && neartagwall == -1) if (neartagsprite == -1 && neartagwall == -1)
if (sector[p->cursectnum].lotag == 2) if (p->cursectnum >= 0 && sector[p->cursectnum].lotag == 2)
{ {
oldz = A_CheckHitSprite(p->i,&neartagsprite); oldz = A_CheckHitSprite(p->i,&neartagsprite);
if (oldz > 1280) neartagsprite = -1; if (oldz > 1280) neartagsprite = -1;