Fix segfault when removing mobjs while iterating thinglist (!2293) · Merge requests · STJr / SRB2

Hanicef requested to merge Hanicef/SRB2:fix-segfault-remove-thinglist into next Feb 07, 2024

If P_RemoveMobj is called on an entry that is currently being iterated through sector.thinglist(), the game segfaults due to it not checking if the value has been deallocated already. This is fixed by simply verifying if the object has been deallocated, and returns an error if it has.

This Lua script can be used to trigger the segfault:

COM_AddCommand("clearmobjs", function (player)
	for sector in sectors.iterate do
		for mobj in sector.thinglist() do
			if not mobj.player then
				P_RemoveMobj(mobj)
			end
		end
	end
end)

Note that you need to compile the game with DEBUGMODE=1 in order to trigger this bug consistently!

Fix segfault when removing mobjs while iterating thinglist

Merge request reports