Fix segfault when damaging mobj with no painstate

Hanicef requested to merge Hanicef/SRB2:fix-mobj-damage-null-pain-state into next

When calling P_DamageMobj from Lua on objects that have no painstate, there's a chance that the game segfaults. This is because P_SetMobjState removes the mobj if the target state is S_NULL, and nothing checks if the mobj is removed afterwards (this is getting old at this point...). However, this only happens if there's a source, since otherwise P_SetTarget is not called on the target, which means no dereferencing is performed and therefore no segfault.

The bug can be easily reproduced with this code:

```lua
local a = P_SpawnMobj(0, 0, 0, MT_FACESTABBER)
local b = P_SpawnMobj(0, 0, 0, MT_UNKNOWN)
a.info.painstate = S_NULL
P_DamageMobj(a, nil, b)
```

As always with these kinds of bugs, compile with DEBUGMODE=1 since otherwise the bug doesn't trigger consistently.
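
The missing check described in this merge request, shown as an added example in a reduced C model. This is not SRB2 source or the patch itself: every name below (`obj_t`, `set_state`, `set_target`, `damage_unchecked`, `damage_checked`, `stale_writes`) is hypothetical, and a `removed` flag stands in for freed memory so the faulty path can be counted instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model with hypothetical names; not taken from the SRB2 code base. */
enum { ST_NULL = 0, ST_IDLE, ST_PAIN };

typedef struct obj {
    int state, painstate;
    bool removed;              /* stands in for "memory has been freed" */
    struct obj *target;
} obj_t;

static int stale_writes;       /* accesses that would have hit a removed object */

/* Mirrors the behaviour described above: a null state removes the object. */
static bool set_state(obj_t *o, int state)
{
    if (state == ST_NULL) { o->removed = true; return false; }
    o->state = state;
    return true;
}

static void set_target(obj_t *o, obj_t *source)
{
    if (o->removed) stale_writes++;   /* the dereference that segfaults */
    else o->target = source;
}

/* Before: the target is updated without asking whether the object survived. */
static bool damage_unchecked(obj_t *o, obj_t *source)
{
    set_state(o, o->painstate);
    if (source) set_target(o, source);
    return true;
}

/* After: stop as soon as the state change has removed the object. */
static bool damage_checked(obj_t *o, obj_t *source)
{
    if (!set_state(o, o->painstate)) return false;
    if (source) set_target(o, source);
    return true;
}

int main(void)
{
    obj_t src = { ST_IDLE, ST_PAIN, false, NULL };
    obj_t a = { ST_IDLE, ST_NULL, false, NULL }, b = a;
    damage_unchecked(&a, &src);       /* one stale access */
    damage_checked(&b, &src);         /* none */
    return stale_writes == 1 ? 0 : 1;
}
```
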