From 619d3c8c9e51ba256a0a45a047b0a5b0c2febab2 Mon Sep 17 00:00:00 2001 From: helixhorned Date: Sun, 27 Feb 2011 19:13:44 +0000 Subject: [PATCH] Final round of Mapster32 hardening. Going over the limits should now always produce an error message instead of corrupting the data. Also fixes crash in defs.c (thanks for the crashlog, LeoD). git-svn-id: https://svn.eduke32.com/eduke32@1808 1a8010ca-5511-0410-912e-c29ae57300e0 --- polymer/eduke32/build/src/build.c | 468 +++++++++++++----------------- polymer/eduke32/build/src/defs.c | 4 +- polymer/eduke32/source/astub.c | 12 +- 3 files changed, 203 insertions(+), 281 deletions(-) diff --git a/polymer/eduke32/build/src/build.c b/polymer/eduke32/build/src/build.c index 4830d2492..2e0f13773 100644 --- a/polymer/eduke32/build/src/build.c +++ b/polymer/eduke32/build/src/build.c @@ -1780,12 +1780,17 @@ static void copy_some_wall_members(int16_t dst, int16_t src) } // helpers for often needed ops: -static void copyloop1(int16_t *danumwalls, int32_t *m) +static int32_t copyloop1(int16_t *danumwalls, int32_t *m) { + if (*danumwalls >= MAXWALLS + M32_FIXME_WALLS) + return 1; + Bmemcpy(&wall[*danumwalls], &wall[*m], sizeof(walltype)); wall[*danumwalls].point2 = *danumwalls+1; (*danumwalls)++; *m = wall[*m].point2; + + return 0; } static void updatesprite1(int16_t j) @@ -1811,7 +1816,7 @@ void overheadeditor(void) int32_t tempint, tempint1, tempint2, doubvel; int32_t startwall=0, endwall, dax, day, x1, y1, x2, y2, x3, y3, x4, y4; int32_t highlightx1, highlighty1, highlightx2, highlighty2, xvect, yvect; - int16_t pag, suckwall=0, sucksect, split=0, bad, goodtogo; + int16_t pag, suckwall=0, sucksect, split=0, bad; int16_t splitsect=0, joinsector[2]; int16_t splitstartwall=0, loopnum; int32_t mousx, mousy, bstatus; @@ -3585,7 +3590,8 @@ end_point_dragging: { if (newnumwalls >= MAXWALLS + M32_FIXME_WALLS) { - printmessage16("Joining sectors failed: not enough space beyond wall[]"); + message("Joining sectors failed: not enough space beyond wall[]"); + joinsector[0] = -1; newnumwalls = -1; for (i=0; i>1; centery = ((y1+y2) + scale(x2-x1,tempint1,tempint2))>>1; @@ -3893,38 +3899,7 @@ end_join_sectors: } } - goodtogo = 1; // Checking limits... - if (bad > 0) - { - if (newnumwalls < numwalls) // starting wall drawing - { - } - else - { - //if not back to first point - if (firstx != mousxplc || firsty != mousyplc) //nextpoint - { - } - - //if not split and back to first point - if ((split == 0) && (firstx == mousxplc) && (firsty == mousyplc) && (newnumwalls >= numwalls+3)) - { - if (suckwall == -1) //if no connections to other sectors - { /* No problem... */ } - else - { - if (newnumwalls > MAXWALLS) - { - goodtogo = 0; - printmessage16("Closing wall drawing would exceed wall limit."); - } - } - } -// else if (split==1) {} // handled there - } - } - - if (bad > 0 && goodtogo) //Space + if (bad > 0) //Space { if (newnumwalls < numwalls) // starting wall drawing { @@ -4054,32 +4029,39 @@ end_join_sectors: else { printmessage16("You can't draw new lines over red lines."); + goto end_space_handling; } } } - //if not split and back to first point - if ((split == 0) && (firstx == mousxplc) && (firsty == mousyplc) && (newnumwalls >= numwalls+3)) - { - // newnumwalls is at most MAXWALLS here + ////////// newnumwalls is at most MAXWALLS here ////////// + //if not split and back to first point + if (!split && newnumwalls >= numwalls+3 + && firstx==mousxplc && firsty==mousyplc) + { wall[newnumwalls-1].point2 = numwalls; if (suckwall == -1) //if no connections to other sectors { k = -1; for (i=0; iextra = -1; + if (numsectors != sucksect) + Bmemcpy(§or[numsectors], §or[sucksect], sizeof(sectortype)); - newsec->wallptr = numwalls; - newsec->wallnum = newnumwalls-numwalls; + sector[numsectors].wallptr = numwalls; + sector[numsectors].wallnum = newnumwalls-numwalls; - newsec->ceilingstat = oldsec->ceilingstat; - newsec->floorstat = oldsec->floorstat; - newsec->ceilingxpanning = oldsec->ceilingxpanning; - newsec->floorxpanning = oldsec->floorxpanning; - newsec->ceilingshade = oldsec->ceilingshade; - newsec->floorshade = oldsec->floorshade; - newsec->ceilingz = oldsec->ceilingz; - newsec->floorz = oldsec->floorz; - newsec->ceilingpicnum = oldsec->ceilingpicnum; - newsec->floorpicnum = oldsec->floorpicnum; -// newsec->ceilingheinum = oldsec->ceilingheinum; -// newsec->floorheinum = oldsec->floorheinum; + sector[numsectors].extra = -1; + sector[numsectors].lotag = sector[numsectors].hitag = 0; + + sector[numsectors].ceilingstat &= ~2; + sector[numsectors].floorstat &= ~2; + sector[numsectors].ceilingheinum = sector[numsectors].floorheinum = 0; + sector[numsectors].ceilingpal = sector[numsectors].floorpal = 0; for (i=numwalls; i MAXWALLS) { @@ -4218,98 +4197,130 @@ end_join_sectors: break; } - if (bad == 0) + ////////// common code for splitting/loop joining ////////// + + splitendwall = k; + newnumwalls--; //first fix up the new walls + for (i=numwalls; inumwalls; j--) - { - Bmemcpy(&wall[danumwalls],&wall[j],sizeof(walltype)); - wall[danumwalls].nextwall = -1; - wall[danumwalls].nextsector = -1; - wall[danumwalls].point2 = danumwalls+1; - danumwalls++; - } + } + else + { + do + if (copyloop1(&danumwalls, &m)) goto split_not_enough_walls; + while (m != splitendwall); + } - m = splitstartwall; //copy rest of loop next + //copy split points for other sector backwards + for (j=newnumwalls; j>numwalls; j--) + { + Bmemcpy(&wall[danumwalls],&wall[j],sizeof(walltype)); + wall[danumwalls].nextwall = -1; + wall[danumwalls].nextsector = -1; + wall[danumwalls].point2 = danumwalls+1; + danumwalls++; + } + + m = splitstartwall; //copy rest of loop next + + if (doSectorSplit) + { while (m != splitendwall) - copyloop1(&danumwalls, &m); + if (copyloop1(&danumwalls, &m)) goto split_not_enough_walls; wall[danumwalls-1].point2 = secondstartwall; + } + else + { + do + if (copyloop1(&danumwalls, &m)) goto split_not_enough_walls; + while (m != splitstartwall); + wall[danumwalls-1].point2 = numwalls; + } - //Add other loops for 2nd sector - loopnum = loopnumofsector(splitsect,splitstartwall); - i = loopnum; - for (j=startwall; j<=endwall; j++) - { - k = loopnumofsector(splitsect, j); - if ((k != i) && (k != loopnum)) - { - i = k; - if (loopinside(wall[j].x,wall[j].y,secondstartwall) == 1) - { - m = j; k = danumwalls; //copy loop - do - copyloop1(&danumwalls, &m); - while (m != j); - wall[danumwalls-1].point2 = k; - } - } - } + //Add other loops for 2nd sector + i = loopnum = loopnumofsector(splitsect,splitstartwall); - //fix all next pointers on old sector line - for (j=numwalls; j= 0) { - if (wall[j].nextwall >= 0) - { - NEXTWALL(j).nextwall = j; - if (j < secondstartwall) - NEXTWALL(j).nextsector = numsectors; - else - NEXTWALL(j).nextsector = numsectors+1; - } + NEXTWALL(j).nextwall = j; + + if (!doSectorSplit || j < secondstartwall) + NEXTWALL(j).nextsector = numsectors; + else + NEXTWALL(j).nextsector = numsectors+1; } + } + + if (doSectorSplit) + { //set all next pointers on split for (j=numwalls; j= 0) - checksectorpointer(wall[j].nextwall,wall[j].nextsector); - checksectorpointer(j, sectorofwall(j)); - } - - //k now safe to use as temp + //Check pointers + for (j=numwalls-k; j= 0) + checksectorpointer(wall[j].nextwall, wall[j].nextsector); + checksectorpointer(j, sectorofwall(j)); + } + //k now safe to use as temp +#if 0 + if (doSectorSplit) for (m=numsectors-2; mnumwalls; j--) - { - Bmemcpy(&wall[danumwalls],&wall[j],sizeof(walltype)); - wall[danumwalls].nextwall = -1; - wall[danumwalls].nextsector = -1; - wall[danumwalls].point2 = danumwalls+1; - danumwalls++; - } - - m = splitstartwall; //copy rest of loop next - do - copyloop1(&danumwalls, &m); - while (m != splitstartwall); - wall[danumwalls-1].point2 = numwalls; - - //Add other loops to sector - loopnum = loopnumofsector(splitsect,splitstartwall); - i = loopnum; - for (j=startwall; j<=endwall; j++) - { - k = loopnumofsector(splitsect, j); - if ((k != i) && (k != loopnumofsector(splitsect,splitstartwall)) && (k != loopnumofsector(splitsect,splitendwall))) - { - i = k; - m = j; k = danumwalls; //copy loop - do - copyloop1(&danumwalls, &m); - while (m != j); - wall[danumwalls-1].point2 = k; - } - } - - //fix all next pointers on old sector line - for (j=numwalls; j= 0) - { - NEXTWALL(j).nextwall = j; - NEXTWALL(j).nextsector = numsectors; - } - } - - //copy sector attributes & fix wall pointers - Bmemcpy(§or[numsectors],§or[splitsect],sizeof(sectortype)); - sector[numsectors].wallptr = numwalls; - sector[numsectors].wallnum = danumwalls-numwalls; - - //fix sprites - j = headspritesect[splitsect]; - while (j != -1) - { - k = nextspritesect[j]; - changespritesect(j,numsectors); - j = k; - } - - numsectors++; - - //Back of number of walls of new sector for later - k = danumwalls-numwalls; - - //clear out old sector's next pointers for clean deletesector - numwalls = danumwalls; - for (j=startwall; j<=endwall; j++) - { - wall[j].nextwall = -1; - wall[j].nextsector = -1; - } - deletesector(splitsect); - - //Check pointers - for (j=numwalls-k; j= 0) - checksectorpointer(wall[j].nextwall,wall[j].nextsector); - checksectorpointer(j, numsectors-1); - } - - printmessage16("Loops joined."); +split_not_enough_walls: + message("%s failed: not enough space beyond wall[]", + doSectorSplit ? "Splitting sectors" : "Joining loops"); } newnumwalls = -1; @@ -6729,6 +6650,7 @@ static void copysector(int16_t soursector, int16_t destsector, int16_t deststart break; m += sector[highlightsector[i]].wallnum; } + if (i==highlightsectorcnt) { message("internal error in copysector(): i==highlightsectorcnt"); diff --git a/polymer/eduke32/build/src/defs.c b/polymer/eduke32/build/src/defs.c index 002a3a23a..f98f9990c 100644 --- a/polymer/eduke32/build/src/defs.c +++ b/polymer/eduke32/build/src/defs.c @@ -467,7 +467,7 @@ static int32_t defsparser(scriptfile *script) char *texturetokptr = script->ltextptr, *textureend, *fn = NULL, *tfn = NULL, *ftd = NULL; int32_t tile=-1, token, i; int32_t alphacut = 255; - int32_t xoffset = 0, yoffset = 0; + int32_t xoffset = 0, yoffset = 0, goodtogo=0; static const tokenlist tilefromtexturetokens[] = { @@ -526,6 +526,7 @@ static int32_t defsparser(scriptfile *script) } else Bfree(tfn); pathsearchmode = i; + goodtogo = 1; } if ((unsigned)tile >= (unsigned)MAXTILES) @@ -535,6 +536,7 @@ static int32_t defsparser(scriptfile *script) break; } + if (goodtogo) { int32_t xsiz, ysiz, j; int32_t *picptr = NULL; diff --git a/polymer/eduke32/source/astub.c b/polymer/eduke32/source/astub.c index 7d37fc848..f2df53799 100644 --- a/polymer/eduke32/source/astub.c +++ b/polymer/eduke32/source/astub.c @@ -6702,9 +6702,8 @@ static void Keys2d(void) static int32_t counter = 0; static int32_t omx = 0, omy = 0; /* - static int32_t opointhighlight, olinehighlight, ocursectornum; - - if (pointhighlight == opointhighlight && linehighlight == olinehighlight && tcursectornum == ocursectornum) + static int32_t opointhighlight, olinehighlight, ocursectornum; + if (pointhighlight == opointhighlight && linehighlight == olinehighlight && tcursectornum == ocursectornum) */ if (omx == mousxplc && omy == mousyplc) { @@ -6718,12 +6717,11 @@ static void Keys2d(void) omy = mousyplc; /* - opointhighlight = pointhighlight; - olinehighlight = linehighlight; - ocursectornum = tcursectornum; + opointhighlight = pointhighlight; + olinehighlight = linehighlight; + ocursectornum = tcursectornum; */ - if (totalclock < lastpm16time + 120*2) _printmessage16("%s", lastpm16buf); else if (counter >= 2 && totalclock >= 120*6)