baselayer.c: fix an oob write to ylookup[] intoduced in r4695.

On Linux, it started manifesting itself since r4719 as crashes whose
backtraces pointed to malloc() and were not helpful. Valgrind finally
uncovered this.

git-svn-id: https://svn.eduke32.com/eduke32@4724 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
helixhorned 2014-11-06 23:43:47 +00:00
parent 502f5dac64
commit e8553b5398
2 changed files with 5 additions and 6 deletions

View file

@ -757,7 +757,6 @@ EXTERN int32_t yxaspect, viewingrange;
extern "C" {
#endif
EXTERN intptr_t *ylookup;
EXTERN int32_t ylookupsiz;
#ifdef __cplusplus
};
#endif

View file

@ -187,15 +187,15 @@ int32_t nx_unprotect(intptr_t beg, intptr_t end)
void calc_ylookup(int32_t bpl, int32_t lastyidx)
{
int32_t i, j=0;
lastyidx++;
static int32_t ylookupsiz;
Bassert(lastyidx <= MAXYDIM);
lastyidx++;
if (lastyidx > ylookupsiz)
{
if (ylookup)
Baligned_free(ylookup);
Baligned_free(ylookup);
ylookup = (intptr_t *)Xaligned_alloc(16, lastyidx * sizeof(intptr_t));
#if !defined(NOASM) && !defined(GEKKO) && !defined(__ANDROID__)
@ -213,7 +213,7 @@ void calc_ylookup(int32_t bpl, int32_t lastyidx)
j += (bpl << 2);
}
for (; i<=lastyidx; i++)
for (; i<lastyidx; i++)
{
ylookup[i] = j;
j += bpl;