Fix crash in R_PointToDist2 when passing -2147483648 (!1964) · Merge requests · STJr / SRB2 · GitLab

Snippets Groups Projects

Merged Hanicef requested to merge Hanicef/SRB2Classic:fix-pointtodist-negative-abs into next 2 years ago

So, here's a fun one: if any of the arguments to R_PointToDist2 is exactly -2147483648, the game crashes with a segfault. That's because 2147483648 cannot be represented as a 32-bit integer, and thus abs(-2147483648) == -2147483648. What then causes the crash is a check that picks the largest value of the two arguments will then pick the wrong one, causing it to fetch a value beyond the size of tantoangle and thus crash.

This can easily be reproduced by creating a Lua script containing this single line:

FixedHypot(-2147483648, 1572864)  -- latter value doesn't matter, I'm just using what originally triggered the bug.

Activity

sphere added Bug label 2 years ago

added Bug label
ChaoLoveIceMDBoy mentioned in issue #996 (closed) 2 years ago

mentioned in issue #996 (closed)
Alam Ed Arias added 762 commits 1 year ago
added 762 commits

cfb40d42...a68440c4 - 761 commits from branch STJr:next

80a227d7 - Merge branch SRB2:next into fix-pointtodist-negative-abs

Compare with previous version
Logan Aerl Arias merged 1 year ago

merged
Logan Aerl Arias mentioned in commit 03626bcc 1 year ago

mentioned in commit 03626bcc

Please register or sign in to reply