From 4a6ded3f982f5bc5e761ff9c3626caca9624c02c Mon Sep 17 00:00:00 2001
From: helixhorned <helixhorned@1a8010ca-5511-0410-912e-c29ae57300e0>
Date: Wed, 2 Jan 2013 22:33:27 +0000
Subject: [PATCH] engine: fix a possible crash with texel-hitscan.

Reproduced as follows (assuming all tiles have texel-hitscan for simplicity): In E2L5, shoot the opening switch with the shotgun, aiming for the border. The crash occurs because the *other*, depressed switch tile isn't yet loaded when we index into its tile storage. Dereferencing 0+small number == BAD!

git-svn-id: https://svn.eduke32.com/eduke32@3364 1a8010ca-5511-0410-912e-c29ae57300e0
---
 polymer/eduke32/build/src/engine.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/polymer/eduke32/build/src/engine.c b/polymer/eduke32/build/src/engine.c
index 5fec63876..d8938a241 100644
--- a/polymer/eduke32/build/src/engine.c
+++ b/polymer/eduke32/build/src/engine.c
@@ -11670,14 +11670,20 @@ restart_grand:
 {
 if (picanm[tilenum].sf&PICANM_TEXHITSCAN_BIT)
 {
- // daz-intz > 0 && daz-intz < k
- int32_t xtex = mulscale16(ucoefup16, tilesizx[tilenum]);
- int32_t vcoefup16 = 65536-divscale16(daz-intz, k);
- int32_t ytex = mulscale16(vcoefup16, tilesizy[tilenum]);
+ if (!waloff[tilenum])
+ loadtile(tilenum);
 
- const char *texel = (char *)(waloff[tilenum] + tilesizy[tilenum]*xtex + ytex);
- if (*texel == 255)
- continue;
+ if (waloff[tilenum])
+ {
+ // daz-intz > 0 && daz-intz < k
+ int32_t xtex = mulscale16(ucoefup16, tilesizx[tilenum]);
+ int32_t vcoefup16 = 65536-divscale16(daz-intz, k);
+ int32_t ytex = mulscale16(vcoefup16, tilesizy[tilenum]);
+
+ const char *texel = (char *)(waloff[tilenum] + tilesizy[tilenum]*xtex + ytex);
+ if (*texel == 255)
+ continue;
+ }
 }
 
 hit_set(hit, dasector, -1, z, intx, inty, intz);
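Review bot: `*texel == 255` inside the new `if (waloff[tilenum])` block reads through a `const char *`, so where plain `char` is signed a 0xFF byte becomes -1 and the transparent-texel test never matches, unless the build forces unsigned char. Reading it as an unsigned byte removes that dependency: `const uint8_t *texel = (const uint8_t *)(waloff[tilenum] + tilesizy[tilenum]*xtex + ytex);`. The offset itself is also unchecked: the retained comment bounds only the vertical term, and `ucoefup16` is computed outside the hunk, so if it can reach 65536 then `xtex` equals `tilesizx[tilenum]` and the read lands one column past the tile; a guard such as `if (xtex < tilesizx[tilenum] && ytex < tilesizy[tilenum])` before the dereference would make the bound explicit. The enclosing function starts and ends outside the hunk.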