Make g_player a +1 offset pointer into 'static g_player_s[1 + MAXPLAYER]'.

This fixes the out-of-bounds read of former g_player[] in VM_EventCommon_().

git-svn-id: https://svn.eduke32.com/eduke32@4961 1a8010ca-5511-0410-912e-c29ae57300e0

polymer/eduke32/build/src/engine.c

@@ -9079,17 +9079,15 @@ static int32_t preinitcalled = 0;
 
 // #define DYNALLOC_ARRAYS
 
-#ifndef DYNALLOC_ARRAYS
-# if !defined DEBUG_MAIN_ARRAYS
+#ifdef DYNALLOC_ARRAYS
+void *blockptr = NULL;
+#elif !defined DEBUG_MAIN_ARRAYS
 static spriteext_t spriteext_s[MAXSPRITES+MAXUNIQHUDID];
 static spritesmooth_t spritesmooth_s[MAXSPRITES+MAXUNIQHUDID];
 static sectortype sector_s[MAXSECTORS + M32_FIXME_SECTORS];
 static walltype wall_s[MAXWALLS + M32_FIXME_WALLS];
 static spritetype sprite_s[MAXSPRITES];
 static tspritetype tsprite_s[MAXSPRITESONSCREEN];
-# endif
-#else
-void *blockptr = NULL;
 #endif
 
 int32_t preinitengine(void)
@@ -9142,15 +9140,13 @@ int32_t preinitengine(void)
         }
     }
 
-#else
-# if !defined DEBUG_MAIN_ARRAYS
+#elif !defined DEBUG_MAIN_ARRAYS
     sector = sector_s;
     wall = wall_s;
     sprite = sprite_s;
     tsprite = tsprite_s;
     spriteext = spriteext_s;
     spritesmooth = spritesmooth_s;
-# endif
 #endif
 
     if ((e = Bgetenv("BUILD_NOP6")) != NULL)

polymer/eduke32/source/global.h

@@ -112,11 +112,22 @@ G_EXTERN intptr_t *g_scriptPtr;
 G_EXTERN int32_t *labelcode,*labeltype;
 G_EXTERN intptr_t *script;
 G_EXTERN map_t MapInfo[(MAXVOLUMES+1)*MAXLEVELS];  // +1 volume for "intro", "briefing" and "loading" music
+
+// XXX: I think this pragma pack is meaningless here.
+// MSDN (https://msdn.microsoft.com/en-us/library/2e70t5y1%28VS.80%29.aspx) says:
+// "pack takes effect at the first struct, union, or class declaration after
+//  the pragma is seen; pack has no effect on definitions."
 #pragma pack(push,1)
-G_EXTERN playerdata_t g_player[MAXPLAYERS];
+#ifdef global_c_
+static playerdata_t g_player_s[1 + MAXPLAYERS];
+playerdata_t *const g_player = &g_player_s[1];
+#else
+extern playerdata_t *const g_player;
+#endif
 G_EXTERN playerspawn_t g_playerSpawnPoints[MAXPLAYERS];
 G_EXTERN input_t inputfifo[MOVEFIFOSIZ][MAXPLAYERS];
 #pragma pack(pop)
+
 G_EXTERN projectile_t ProjectileData[MAXTILES];
 G_EXTERN projectile_t SpriteProjectile[MAXSPRITES];
 G_EXTERN sound_t g_sounds[MAXSOUNDS];
@@ -129,32 +140,32 @@ G_EXTERN int32_t g_screenCapture;
 G_EXTERN int32_t g_noEnemies;
 
 #ifndef global_c_
-G_EXTERN const char *s_buildDate;
-G_EXTERN int32_t g_spriteGravity;
-G_EXTERN int16_t g_spriteDeleteQueueSize;
-G_EXTERN char EpisodeNames[MAXVOLUMES][33];
-G_EXTERN char SkillNames[MAXSKILLS][33];
-G_EXTERN char GametypeNames[MAXGAMETYPES][33];
-G_EXTERN int32_t GametypeFlags[MAXGAMETYPES];
-G_EXTERN char g_numGametypes;
-G_EXTERN char g_numVolumes;
-G_EXTERN int32_t g_timerTicsPerSecond;
-G_EXTERN int32_t g_actorRespawnTime;
-G_EXTERN int32_t g_itemRespawnTime;
-G_EXTERN int32_t g_scriptSize;
-G_EXTERN int16_t BlimpSpawnSprites[15];
-G_EXTERN int32_t g_playerFriction;
-G_EXTERN int32_t g_numFreezeBounces;
-G_EXTERN int32_t g_lastSaveSlot;
-G_EXTERN int32_t g_rpgBlastRadius;
-G_EXTERN int32_t g_pipebombBlastRadius;
-G_EXTERN int32_t g_tripbombBlastRadius;
-G_EXTERN int32_t g_shrinkerBlastRadius;
-G_EXTERN int32_t g_morterBlastRadius;
-G_EXTERN int32_t g_bouncemineBlastRadius;
-G_EXTERN int32_t g_seenineBlastRadius;
-G_EXTERN char CheatKeys[2];
-G_EXTERN char setupfilename[BMAX_PATH];
+extern const char *s_buildDate;
+extern int32_t g_spriteGravity;
+extern int16_t g_spriteDeleteQueueSize;
+extern char EpisodeNames[MAXVOLUMES][33];
+extern char SkillNames[MAXSKILLS][33];
+extern char GametypeNames[MAXGAMETYPES][33];
+extern int32_t GametypeFlags[MAXGAMETYPES];
+extern char g_numGametypes;
+extern char g_numVolumes;
+extern int32_t g_timerTicsPerSecond;
+extern int32_t g_actorRespawnTime;
+extern int32_t g_itemRespawnTime;
+extern int32_t g_scriptSize;
+extern int16_t BlimpSpawnSprites[15];
+extern int32_t g_playerFriction;
+extern int32_t g_numFreezeBounces;
+extern int32_t g_lastSaveSlot;
+extern int32_t g_rpgBlastRadius;
+extern int32_t g_pipebombBlastRadius;
+extern int32_t g_tripbombBlastRadius;
+extern int32_t g_shrinkerBlastRadius;
+extern int32_t g_morterBlastRadius;
+extern int32_t g_bouncemineBlastRadius;
+extern int32_t g_seenineBlastRadius;
+extern char CheatKeys[2];
+extern char setupfilename[BMAX_PATH];
 #endif
 
 #ifdef __cplusplus

polymer/eduke32/source/lunatic/defs.ilua

@@ -640,7 +640,7 @@ int32_x_MAXSESSIONVARS g_elSessionVar;
 actor_t actor[MAXSPRITES];
 camera_t g_camera;
 user_defs ud;
-playerdata_t g_player[MAXPLAYERS];
+playerdata_t *const g_player;
 DukePlayer_t *g_player_ps[MAXPLAYERS];
 weapondata_x_MAX_WEAPONS g_playerWeapon[MAXPLAYERS];
 weapondata_t g_weaponOverridden[MAX_WEAPONS];

polymer/eduke32/source/player.h

@@ -328,7 +328,7 @@ typedef struct {
 
 extern input_t          inputfifo[MOVEFIFOSIZ][MAXPLAYERS];
 extern playerspawn_t    g_playerSpawnPoints[MAXPLAYERS];
-extern playerdata_t     g_player[MAXPLAYERS];
+extern playerdata_t     *const g_player;
 extern int16_t          WeaponPickupSprites[MAX_WEAPONS];
 extern hudweapon_t      hudweap;
 extern int32_t          g_levelTextTime;