ref: a89a0e655d6a10d2d3951fb2f129d8ccdd2a4945
parent: 3cf762118e2817f8e5ce59cc408bb8c876f5ba48
author: Simon Howard <fraggle@soulsphere.org>
date: Sat Sep 2 15:33:22 EDT 2017
Add checks in P_RespawnSpecials(). When respawning a mobj we scan the mobjinfo[] array to find the type that represents the object. It's possible that we don't find it, and in this case an array index overrun occurs. Handle this by exiting with an error rather than continuing. This was detected by the cppcheck static analysis set up by @turol and blocking #939.
--- a/src/doom/p_mobj.c
+++ b/src/doom/p_mobj.c
@@ -653,7 +653,14 @@
if (mthing->type == mobjinfo[i].doomednum)
break;
}
-
+
+ if (i >= NUMMOBJTYPES)
+ {
+ I_Error("P_RespawnSpecials: Failed to find mobj type with doomednum "
+ "%d when respawning thing. This would cause a buffer overrun "
+ "in vanilla Doom", mthing->type);
+ }
+
// spawn it
if (mobjinfo[i].flags & MF_SPAWNCEILING)
z = ONCEILINGZ;
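Review bot: The new `i >= NUMMOBJTYPES` guard only closes the overrun if the scan loop above the hunk runs to exactly `NUMMOBJTYPES` and leaves `i` equal to that bound on a miss; the loop header is outside the hunk, so confirm its bound is `NUMMOBJTYPES` rather than a separate constant or a `sizeof`-derived count. A short comment would make the intent durable for the next reader, e.g. `// mthing->type presumably comes from map data and may match no mobjinfo entry; fail here rather than index past the table`. The same applies to the Strife hunk in `src/strife/p_mobj.c`, whose message also differs from this one in trailing punctuation ("in vanilla Strife." vs "in vanilla Doom"); pick one form for both. P_RespawnSpecials begins and ends outside the hunk.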
--- a/src/strife/p_mobj.c
+++ b/src/strife/p_mobj.c
@@ -782,6 +782,13 @@
break;
}
+ if (i >= NUMMOBJTYPES)
+ {
+ I_Error("P_RespawnSpecials: Failed to find mobj type with doomednum "
+ "%d when respawning thing. This would cause a buffer overrun "
+ "in vanilla Strife.", mthing->type);
+ }
+
// spawn it
if (mobjinfo[i].flags & MF_SPAWNCEILING)
z = ONCEILINGZ;