mirror of
https://github.com/ZDoom/raze-gles.git
synced 2025-01-12 19:20:38 +00:00
Fix a couple of out-of-bounds accesses when roaming around with noclip.
- guard cansee() against negative sectnums (return 0 immediately), since it's often called with the player sectnum as one argument - in resetpspritevars(), don't inset APLAYER sprite if sectnum < 0, which can happen if a map is started in void space accidentally (e.g. from the editor) - two checks before accessing sector[] with a player sectnum git-svn-id: https://svn.eduke32.com/eduke32@2342 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
5f506ec0f6
commit
53d9264f92
4 changed files with 15 additions and 6 deletions
|
@ -10822,6 +10822,10 @@ int32_t cansee(int32_t x1, int32_t y1, int32_t z1, int16_t sect1, int32_t x2, in
|
||||||
int32_t cfz1[2], cfz2[2]; // both wrt dasectnum
|
int32_t cfz1[2], cfz2[2]; // both wrt dasectnum
|
||||||
int16_t bn[2];
|
int16_t bn[2];
|
||||||
|
|
||||||
|
// invalid sectnums can happen, for example if the player is using noclip
|
||||||
|
if (sect1 < 0 || sect2 < 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
Bmemset(&pendingvec, 0, sizeof(vec3_t)); // compiler-happy
|
Bmemset(&pendingvec, 0, sizeof(vec3_t)); // compiler-happy
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -1041,18 +1041,21 @@ void A_MoveDummyPlayers(void)
|
||||||
|
|
||||||
while (i >= 0)
|
while (i >= 0)
|
||||||
{
|
{
|
||||||
|
int32_t psectnum;
|
||||||
|
|
||||||
nexti = nextspritestat[i];
|
nexti = nextspritestat[i];
|
||||||
|
|
||||||
p = sprite[OW].yvel;
|
p = sprite[OW].yvel;
|
||||||
|
psectnum = g_player[p].ps->cursectnum;
|
||||||
|
|
||||||
if (g_player[p].ps->on_crane >= 0 || (g_player[p].ps->cursectnum >= 0 && sector[g_player[p].ps->cursectnum].lotag != 1) || sprite[g_player[p].ps->i].extra <= 0)
|
if (g_player[p].ps->on_crane >= 0 || (psectnum >= 0 && sector[psectnum].lotag != 1) || sprite[g_player[p].ps->i].extra <= 0)
|
||||||
{
|
{
|
||||||
g_player[p].ps->dummyplayersprite = -1;
|
g_player[p].ps->dummyplayersprite = -1;
|
||||||
KILLIT(i);
|
KILLIT(i);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (g_player[p].ps->on_ground && g_player[p].ps->on_warping_sector == 1 && sector[g_player[p].ps->cursectnum].lotag == 1)
|
if (g_player[p].ps->on_ground && g_player[p].ps->on_warping_sector == 1 && psectnum >= 0 && sector[psectnum].lotag == 1)
|
||||||
{
|
{
|
||||||
CS = 257;
|
CS = 257;
|
||||||
SZ = sector[SECT].ceilingz+(27<<8);
|
SZ = sector[SECT].ceilingz+(27<<8);
|
||||||
|
@ -2833,7 +2836,6 @@ ACTOR_STATIC void G_MoveWeapons(void)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
||||||
// here
|
// here
|
||||||
switch (DYNAMICTILEMAP(s->picnum))
|
switch (DYNAMICTILEMAP(s->picnum))
|
||||||
{
|
{
|
||||||
|
|
|
@ -1581,8 +1581,11 @@ static void resetpspritevars(char g)
|
||||||
uint8_t aimmode[MAXPLAYERS],autoaim[MAXPLAYERS],weaponswitch[MAXPLAYERS];
|
uint8_t aimmode[MAXPLAYERS],autoaim[MAXPLAYERS],weaponswitch[MAXPLAYERS];
|
||||||
DukeStatus_t tsbar[MAXPLAYERS];
|
DukeStatus_t tsbar[MAXPLAYERS];
|
||||||
|
|
||||||
A_InsertSprite(g_player[0].ps->cursectnum,g_player[0].ps->pos.x,g_player[0].ps->pos.y,g_player[0].ps->pos.z,
|
if (g_player[0].ps->cursectnum >= 0) // < 0 may happen if we start a map in void space (e.g. testing it)
|
||||||
APLAYER,0,0,0,g_player[0].ps->ang,0,0,0,10);
|
{
|
||||||
|
A_InsertSprite(g_player[0].ps->cursectnum,g_player[0].ps->pos.x,g_player[0].ps->pos.y,g_player[0].ps->pos.z,
|
||||||
|
APLAYER,0,0,0,g_player[0].ps->ang,0,0,0,10);
|
||||||
|
}
|
||||||
|
|
||||||
if (ud.recstat != 2)
|
if (ud.recstat != 2)
|
||||||
TRAVERSE_CONNECT(i)
|
TRAVERSE_CONNECT(i)
|
||||||
|
|
|
@ -3208,7 +3208,7 @@ void P_CheckSectors(int32_t snum)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (neartagsprite == -1 && neartagwall == -1)
|
if (neartagsprite == -1 && neartagwall == -1)
|
||||||
if (sector[p->cursectnum].lotag == 2)
|
if (p->cursectnum >= 0 && sector[p->cursectnum].lotag == 2)
|
||||||
{
|
{
|
||||||
oldz = A_CheckHitSprite(p->i,&neartagsprite);
|
oldz = A_CheckHitSprite(p->i,&neartagsprite);
|
||||||
if (oldz > 1280) neartagsprite = -1;
|
if (oldz > 1280) neartagsprite = -1;
|
||||||
|
|
Loading…
Reference in a new issue