Fix segfault when damaging mobj with no painstate (!1968) · Merge requests · STJr / SRB2 · GitLab

Snippets Groups Projects

Merged Hanicef requested to merge Hanicef/SRB2Classic:fix-mobj-damage-null-pain-state into next 2 years ago

When calling P_DamageMobj from Lua on objects that has no painstate, there's a chance that the game segfaults. This is because P_SetMobjState removes the mobj if the target state is S_NULL, and nothing checks if the mobj is removed afterwards (this is getting old at this point...). However, this only happens if there's a source, since otherwise P_SetTarget is not called on the target, which means no dereferencing is performed and therefore no segfault.

The bug can be easily reproduced with this code:

local a = P_SpawnMobj(0, 0, 0, MT_FACESTABBER)
local b = P_SpawnMobj(0, 0, 0, MT_UNKNOWN)
a.info.painstate = S_NULL
P_DamageMobj(a, nil, b)

As always with these kinds of bugs, compile with DEBUGMODE=1 since otherwise the bug doesn't trigger consistently.

Activity

sphere added Bug label 2 years ago

added Bug label
Monster Iestyn approved this merge request 2 years ago

approved this merge request
sphere changed milestone to %2.2.11 2 years ago

changed milestone to %2.2.11
sphere merged 2 years ago

merged
sphere mentioned in commit f83f1a12 2 years ago

mentioned in commit f83f1a12

Please register or sign in to reply