From 7b6e47f444215d8eca713e5fa1ab177d2ed01a80 Mon Sep 17 00:00:00 2001
From: helixhorned <helixhorned@1a8010ca-5511-0410-912e-c29ae57300e0>
Date: Sun, 7 Jun 2015 09:55:40 +0000
Subject: [PATCH] mdsprite.c: from updateanimation(), if m->[cn]frame >=
 numframes, clear to 0.

This prevents an oob access when rendering, the one observed was at
polymer.c:4255.

git-svn-id: https://svn.eduke32.com/eduke32@5264 1a8010ca-5511-0410-912e-c29ae57300e0
---
 polymer/eduke32/build/src/mdsprite.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/polymer/eduke32/build/src/mdsprite.c b/polymer/eduke32/build/src/mdsprite.c
index a9ce7ef58..9f2a6add7 100644
--- a/polymer/eduke32/build/src/mdsprite.c
+++ b/polymer/eduke32/build/src/mdsprite.c
@@ -1071,7 +1071,7 @@ void updateanimation(md2model_t *m, const tspritetype *tspr, uint8_t lpal)
             if (m->cframe >= m->numframes)
                 OSD_Printf("2: c > n\n");
 #endif
-            return;
+            goto prep_return;
         }
 
         m->nframe = anim->startframe;
@@ -1081,7 +1081,7 @@ void updateanimation(md2model_t *m, const tspritetype *tspr, uint8_t lpal)
             OSD_Printf("3: c > n\n");
 #endif
         smooth->mdsmooth = 1;
-        return;
+        goto prep_return;
     }
 
     fps = smooth->mdsmooth ?
@@ -1127,7 +1127,7 @@ void updateanimation(md2model_t *m, const tspritetype *tspr, uint8_t lpal)
 #endif
             smooth->mdoldframe = m->cframe;
             //OSD_Printf("smooth stopped !\n");
-            return;
+            goto prep_return;
         }
     }
     else
@@ -1147,6 +1147,12 @@ void updateanimation(md2model_t *m, const tspritetype *tspr, uint8_t lpal)
 
     m->interpol = ((float)(i&65535))/65536.f;
     //OSD_Printf("interpol %f\n", m->interpol);
+
+prep_return:
+    if (m->cframe >= m->numframes)
+        m->cframe = 0;
+    if (m->nframe >= m->numframes)
+        m->nframe = 0;
 }
 
 // VBO generation and allocation