Loading levels without a level header through extras menu can crash the game
Glaber accidentally uncovered this when trying to set an unlockable level, but accidentally set the wrong map number for his warp option, making it warp to a map with no header. He then got a crash with EIP 47ca42, which leads to line 8355 in M_SetupChoosePlayer:
if (mapheaderinfo[startmap-1]->typeoflevel & TOL_NIGHTS) // skip tagteam characters for NiGHTS levels
    continue;
It is notable that the code block this line is in requires these conditions to be entered:
if (!mapheaderinfo[startmap-1] || mapheaderinfo[startmap-1]->forcecharacter[0] == '\0')
This means that the map's level header can potentially be NULL going through to the crash line; in other words, we could be accessing a NULL pointer. Not even a P_AllocMapHeader(startmap-1) to allocate the map header with defaults, preventing this from happening??!? (Which is how SRB2 normally deals with NULL level headers when it actually needs to access them, and what we honestly should be doing here.)
I don't have an example on me to actually showcase this crash, but I have a feeling one could definitely be made. Just make an unlockable level warp that leads to a map with no header, and you can experience the same crash for yourselves.
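The control flow described in this report, as an added stand-alone C model (not SRB2's code and not part of the original report): the guard is satisfied by a NULL header, so the typeoflevel read is reached with a NULL pointer, and allocating defaults first removes that path. The table size, the TOL_NIGHTS value, the zeroed defaults and the helper names alloc_map_header, reaches_deref_with_null and skip_tagteam_checked are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>

#define NUMMAPS    8     /* constructed table size for this demo */
#define TOL_NIGHTS 0x40  /* constructed flag value, not taken from SRB2 */

typedef struct {
    unsigned typeoflevel;
    char forcecharacter[17];
} mapheader_t;

static mapheader_t *mapheaderinfo[NUMMAPS]; /* NULL entry = map has no header */

/* Hypothetical stand-in for P_AllocMapHeader: zeroed defaults (assumption). */
static mapheader_t *alloc_map_header(int idx)
{
    if (!mapheaderinfo[idx])
        mapheaderinfo[idx] = calloc(1, sizeof(mapheader_t));
    return mapheaderinfo[idx];
}

/* Models the reported control flow without dereferencing: returns 1 when the
   guard is satisfied by a NULL header, i.e. the typeoflevel read would crash. */
int reaches_deref_with_null(int startmap)
{
    mapheader_t *h = mapheaderinfo[startmap-1];
    int guard = (!h || h->forcecharacter[0] == '\0');
    return guard && h == NULL;
}

/* Hardened form: 1 = skip character (NiGHTS map), 0 = keep, -1 = bad map. */
int skip_tagteam_checked(int startmap)
{
    mapheader_t *h;
    if (startmap < 1 || startmap > NUMMAPS)
        return -1;                      /* map number outside the table */
    h = mapheaderinfo[startmap-1];
    if (h && h->forcecharacter[0] != '\0')
        return 0;                       /* guard false: block not entered */
    if (!(h = alloc_map_header(startmap-1)))
        return -1;                      /* allocation failed */
    return (h->typeoflevel & TOL_NIGHTS) != 0;
}

int main(void)
{
    printf("NULL reaches deref: %d\n", reaches_deref_with_null(3));
    printf("checked result:     %d\n", skip_tagteam_checked(3));
    return 0;
}
```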