summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrei Karas <akaras@inbox.ru>2018-03-27 04:37:38 +0300
committerAndrei Karas <akaras@inbox.ru>2018-03-27 04:37:38 +0300
commit7f9e9d58c4ecb3a473cffd32a3c09848b12d6c3a (patch)
tree7fdf3396ea2ce2dc65eb52068267eff4ff1ca69b
parentb07f9c8add5905efb9b3f4cefa50898e69f06ebc (diff)
downloadmv-7f9e9d58c4ecb3a473cffd32a3c09848b12d6c3a.tar.gz
mv-7f9e9d58c4ecb3a473cffd32a3c09848b12d6c3a.tar.bz2
mv-7f9e9d58c4ecb3a473cffd32a3c09848b12d6c3a.tar.xz
mv-7f9e9d58c4ecb3a473cffd32a3c09848b12d6c3a.zip
Fix possible crash in recalcSpritesOrder.
This can happend if try to change unallocated slot in being.
-rw-r--r--src/being/being.cpp22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/being/being.cpp b/src/being/being.cpp
index acea75bd4..8cedc4fa8 100644
--- a/src/being/being.cpp
+++ b/src/being/being.cpp
@@ -4420,18 +4420,20 @@ void Being::recalcSpritesOrder() restrict2
{
FOR_EACHP (SpriteToItemMapCIter, itr, spriteToItems)
{
- const int remSprite = itr->first;
+ const int remSlot = itr->first;
const IntMap &restrict itemReplacer = itr->second;
- if (remSprite >= 0)
+ if (remSlot >= 0)
{ // slot known
+ if (CAST_U32(remSlot) >= spriteIdSize)
+ continue;
if (itemReplacer.empty())
{
- mSpriteHide[remSprite] = 1;
+ mSpriteHide[remSlot] = 1;
}
- else if (mSpriteHide[remSprite] != 1)
+ else if (mSpriteHide[remSlot] != 1)
{
IntMapCIter repIt = itemReplacer.find(
- mSlots[remSprite].spriteId);
+ mSlots[remSlot].spriteId);
if (repIt == itemReplacer.end())
{
repIt = itemReplacer.find(0);
@@ -4443,21 +4445,21 @@ void Being::recalcSpritesOrder() restrict2
}
if (repIt != itemReplacer.end())
{
- mSpriteHide[remSprite] = repIt->second;
+ mSpriteHide[remSlot] = repIt->second;
if (repIt->second != 1)
{
- if (CAST_U32(remSprite)
+ if (CAST_U32(remSlot)
!= hairSlot)
{
- setTempSprite(remSprite,
+ setTempSprite(remSlot,
repIt->second);
}
else
{
- setHairTempSprite(remSprite,
+ setHairTempSprite(remSlot,
repIt->second);
}
- updatedSprite[remSprite] = true;
+ updatedSprite[remSlot] = true;
}
}
}