From f028bb021947d4ab9dc69566c2f95efc41a9acdd Mon Sep 17 00:00:00 2001
From: Monster Iestyn
Date: Mon, 16 Dec 2019 17:46:27 +0000
Subject: [PATCH] Fix `numoflines` calculations in sectorlines_* functions by first typecasting seclines (the sector.lines address) to size_t before doing any math on it, then (after the math) typecast the result to size_t * and dereference it. And yes, this time I tested it to make sure it works :)
---
 src/lua_maplib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lua_maplib.c b/src/lua_maplib.c
index 0fe1df0b6..b35bb6a41 100644
--- a/src/lua_maplib.c
+++ b/src/lua_maplib.c
@@ -445,7 +445,7 @@ static int sectorlines_get(lua_State *L)
 // get the "linecount" by shifting our retrieved memory address of "lines" to where "linecount" is in the sector_t, then dereferencing the result
 // we need this to determine the array's actual size, and therefore also the maximum value allowed as an index
 // this only works if seclines is actually a pointer to a sector's lines member in memory, oh boy
- numoflines = (size_t)(*(seclines - (offsetof(sector_t, lines) - offsetof(sector_t, linecount))));
+ numoflines = (size_t)(*(size_t *)(((size_t)seclines) - (offsetof(sector_t, lines) - offsetof(sector_t, linecount))));
 /* OLD HACK
 // check first linedef to figure which of its sectors owns this sector->lines pointer
@@ -479,7 +479,7 @@ static int sectorlines_num(lua_State *L)
 return luaL_error(L, "accessed sector_t.lines doesn't exist anymore.");
 // see comments in the _get function above
- numoflines = (size_t)(*(size_t *)(((size_t)seclines) - (offsetof(sector_t, lines) - offsetof(sector_t, linecount))));
 lua_pushinteger(L, numoflines);
 return 1;
 }
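Review bot: The new `*(size_t *)` load in sectorlines_get hard-codes two assumptions the compiler cannot check: that `sector_t.linecount` is declared as `size_t`, and that a pointer survives a round trip through `size_t` (the type meant for that is `uintptr_t`). Per the comment directly above the line, numoflines is the maximum value allowed as an index, so a wrong-width or misplaced read here turns into an out-of-bounds access on the lines array rather than a visible error. Recovering the owning struct and reading the member by name lets the declared field type drive the load: `const sector_t *sec = (const sector_t *)((const char *)seclines - offsetof(sector_t, lines));` followed by `numoflines = sec->linecount;`. The identical expression is repeated in sectorlines_num in the second hunk, so a small `static` helper shared by both would keep the two copies from diverging. The definition of sector_t and the declaration of seclines are outside both hunks, so the field and pointer types should be confirmed there.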