Make g_player a +1 offset pointer into 'static g_player_s[1 + MAXPLAYER]'.

This fixes the out-of-bounds read of former g_player[] in VM_EventCommon_(). git-svn-id: https://svn.eduke32.com/eduke32@4961 1a8010ca-5511-0410-912e-c29ae57300e0
2025-01-26 00:40:56 +00:00 · 2015-02-07 17:29:11 +00:00 · 2015-02-07 17:29:11 +00:00 · 952a723229
commit 952a723229
parent c3ddf08fd1
4 changed files with 44 additions and 37 deletions
--- a/polymer/eduke32/build/src/engine.c
+++ b/polymer/eduke32/build/src/engine.c
@ -9079,17 +9079,15 @@ static int32_t preinitcalled = 0;
 // #define DYNALLOC_ARRAYS
-#ifndef DYNALLOC_ARRAYS
+#ifdef DYNALLOC_ARRAYS
-# if !defined DEBUG_MAIN_ARRAYS
+void *blockptr = NULL;
 #elif !defined DEBUG_MAIN_ARRAYS
 static spriteext_t spriteext_s[MAXSPRITES+MAXUNIQHUDID];
 static spritesmooth_t spritesmooth_s[MAXSPRITES+MAXUNIQHUDID];
 static sectortype sector_s[MAXSECTORS + M32_FIXME_SECTORS];
 static walltype wall_s[MAXWALLS + M32_FIXME_WALLS];
 static spritetype sprite_s[MAXSPRITES];
 static tspritetype tsprite_s[MAXSPRITESONSCREEN];
 # endif
 #else
 void *blockptr = NULL;
 #endif
 int32_t preinitengine(void)
@ -9142,15 +9140,13 @@ int32_t preinitengine(void)
        }
    }
-#else
+#elif !defined DEBUG_MAIN_ARRAYS
 # if !defined DEBUG_MAIN_ARRAYS
    sector = sector_s;
    wall = wall_s;
    sprite = sprite_s;
    tsprite = tsprite_s;
    spriteext = spriteext_s;
    spritesmooth = spritesmooth_s;
 # endif
 #endif
    if ((e = Bgetenv("BUILD_NOP6")) != NULL)
--- a/polymer/eduke32/source/global.h
+++ b/polymer/eduke32/source/global.h
@ -112,11 +112,22 @@ G_EXTERN intptr_t *g_scriptPtr;
 G_EXTERN int32_t *labelcode,*labeltype;
 G_EXTERN intptr_t *script;
 G_EXTERN map_t MapInfo[(MAXVOLUMES+1)*MAXLEVELS];  // +1 volume for "intro", "briefing" and "loading" music
 // XXX: I think this pragma pack is meaningless here.
 // MSDN (https://msdn.microsoft.com/en-us/library/2e70t5y1%28VS.80%29.aspx) says:
 // "pack takes effect at the first struct, union, or class declaration after
 //  the pragma is seen; pack has no effect on definitions."
 #pragma pack(push,1)
-G_EXTERN playerdata_t g_player[MAXPLAYERS];
+#ifdef global_c_
 static playerdata_t g_player_s[1 + MAXPLAYERS];
 playerdata_t *const g_player = &g_player_s[1];
 #else
 extern playerdata_t *const g_player;
 #endif
 G_EXTERN playerspawn_t g_playerSpawnPoints[MAXPLAYERS];
 G_EXTERN input_t inputfifo[MOVEFIFOSIZ][MAXPLAYERS];
 #pragma pack(pop)
 G_EXTERN projectile_t ProjectileData[MAXTILES];
 G_EXTERN projectile_t SpriteProjectile[MAXSPRITES];
 G_EXTERN sound_t g_sounds[MAXSOUNDS];
@ -129,32 +140,32 @@ G_EXTERN int32_t g_screenCapture;
 G_EXTERN int32_t g_noEnemies;
 #ifndef global_c_
-G_EXTERN const char *s_buildDate;
+extern const char *s_buildDate;
-G_EXTERN int32_t g_spriteGravity;
+extern int32_t g_spriteGravity;
-G_EXTERN int16_t g_spriteDeleteQueueSize;
+extern int16_t g_spriteDeleteQueueSize;
-G_EXTERN char EpisodeNames[MAXVOLUMES][33];
+extern char EpisodeNames[MAXVOLUMES][33];
-G_EXTERN char SkillNames[MAXSKILLS][33];
+extern char SkillNames[MAXSKILLS][33];
-G_EXTERN char GametypeNames[MAXGAMETYPES][33];
+extern char GametypeNames[MAXGAMETYPES][33];
-G_EXTERN int32_t GametypeFlags[MAXGAMETYPES];
+extern int32_t GametypeFlags[MAXGAMETYPES];
-G_EXTERN char g_numGametypes;
+extern char g_numGametypes;
-G_EXTERN char g_numVolumes;
+extern char g_numVolumes;
-G_EXTERN int32_t g_timerTicsPerSecond;
+extern int32_t g_timerTicsPerSecond;
-G_EXTERN int32_t g_actorRespawnTime;
+extern int32_t g_actorRespawnTime;
-G_EXTERN int32_t g_itemRespawnTime;
+extern int32_t g_itemRespawnTime;
-G_EXTERN int32_t g_scriptSize;
+extern int32_t g_scriptSize;
-G_EXTERN int16_t BlimpSpawnSprites[15];
+extern int16_t BlimpSpawnSprites[15];
-G_EXTERN int32_t g_playerFriction;
+extern int32_t g_playerFriction;
-G_EXTERN int32_t g_numFreezeBounces;
+extern int32_t g_numFreezeBounces;
-G_EXTERN int32_t g_lastSaveSlot;
+extern int32_t g_lastSaveSlot;
-G_EXTERN int32_t g_rpgBlastRadius;
+extern int32_t g_rpgBlastRadius;
-G_EXTERN int32_t g_pipebombBlastRadius;
+extern int32_t g_pipebombBlastRadius;
-G_EXTERN int32_t g_tripbombBlastRadius;
+extern int32_t g_tripbombBlastRadius;
-G_EXTERN int32_t g_shrinkerBlastRadius;
+extern int32_t g_shrinkerBlastRadius;
-G_EXTERN int32_t g_morterBlastRadius;
+extern int32_t g_morterBlastRadius;
-G_EXTERN int32_t g_bouncemineBlastRadius;
+extern int32_t g_bouncemineBlastRadius;
-G_EXTERN int32_t g_seenineBlastRadius;
+extern int32_t g_seenineBlastRadius;
-G_EXTERN char CheatKeys[2];
+extern char CheatKeys[2];
-G_EXTERN char setupfilename[BMAX_PATH];
+extern char setupfilename[BMAX_PATH];
 #endif
 #ifdef __cplusplus
--- a/polymer/eduke32/source/lunatic/defs.ilua
+++ b/polymer/eduke32/source/lunatic/defs.ilua
@ -640,7 +640,7 @@ int32_x_MAXSESSIONVARS g_elSessionVar;
 actor_t actor[MAXSPRITES];
 camera_t g_camera;
 user_defs ud;
-playerdata_t g_player[MAXPLAYERS];
+playerdata_t *const g_player;
 DukePlayer_t *g_player_ps[MAXPLAYERS];
 weapondata_x_MAX_WEAPONS g_playerWeapon[MAXPLAYERS];
 weapondata_t g_weaponOverridden[MAX_WEAPONS];
--- a/polymer/eduke32/source/player.h
+++ b/polymer/eduke32/source/player.h
@ -328,7 +328,7 @@ typedef struct {
 extern input_t          inputfifo[MOVEFIFOSIZ][MAXPLAYERS];
 extern playerspawn_t    g_playerSpawnPoints[MAXPLAYERS];
-extern playerdata_t     g_player[MAXPLAYERS];
+extern playerdata_t     *const g_player;
 extern int16_t          WeaponPickupSprites[MAX_WEAPONS];
 extern hudweapon_t      hudweap;
 extern int32_t          g_levelTextTime;