From 7f9e9d58c4ecb3a473cffd32a3c09848b12d6c3a Mon Sep 17 00:00:00 2001
From: Andrei Karas
Date: Tue, 27 Mar 2018 04:37:38 +0300
Subject: Fix possible crash in recalcSpritesOrder. This can happend if try to change unallocated slot in being.
---
 src/being/being.cpp | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/being/being.cpp b/src/being/being.cpp
index acea75bd4..8cedc4fa8 100644
--- a/src/being/being.cpp
+++ b/src/being/being.cpp
@@ -4420,18 +4420,20 @@ void Being::recalcSpritesOrder() restrict2
 {
 FOR_EACHP (SpriteToItemMapCIter, itr, spriteToItems)
 {
- const int remSprite = itr->first;
+ const int remSlot = itr->first;
 const IntMap &restrict itemReplacer = itr->second;
- if (remSprite >= 0)
+ if (remSlot >= 0)
 { // slot known
+ if (CAST_U32(remSlot) >= spriteIdSize)
+ continue;
 if (itemReplacer.empty())
 {
- mSpriteHide[remSprite] = 1;
+ mSpriteHide[remSlot] = 1;
 }
- else if (mSpriteHide[remSprite] != 1)
+ else if (mSpriteHide[remSlot] != 1)
 {
 IntMapCIter repIt = itemReplacer.find(
- mSlots[remSprite].spriteId);
+ mSlots[remSlot].spriteId);
 if (repIt == itemReplacer.end())
 {
 repIt = itemReplacer.find(0);
@@ -4443,21 +4445,21 @@ void Being::recalcSpritesOrder() restrict2
 }
 if (repIt != itemReplacer.end())
 {
- mSpriteHide[remSprite] = repIt->second;
+ mSpriteHide[remSlot] = repIt->second;
 if (repIt->second != 1)
 {
- if (CAST_U32(remSprite)
+ if (CAST_U32(remSlot)
 != hairSlot)
 {
- setTempSprite(remSprite,
+ setTempSprite(remSlot,
 repIt->second);
 }
 else
 {
- setHairTempSprite(remSprite,
+ setHairTempSprite(remSlot,
 repIt->second);
 }
- updatedSprite[remSprite] = true;
+ updatedSprite[remSlot] = true;
 }
 }
 }
-- 
cgit v1.2.3-70-g09d2
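Review bot: The new guard `if (CAST_U32(remSlot) >= spriteIdSize) continue;` in the first hunk bounds `remSlot` by `spriteIdSize`, but nothing visible here shows that `mSpriteHide`, `mSlots` and `updatedSprite`, all indexed by `remSlot` across both hunks, each hold at least `spriteIdSize` elements. If any of them can be shorter, the out-of-bounds write this commit is meant to stop is still reachable, so the invariant should be stated at the check, e.g. `// skip slots not allocated in this being; mSpriteHide, mSlots and updatedSprite are assumed to have spriteIdSize entries`, or the check should compare against the containers' own sizes. The skip is also silent, so a slot index from `spriteToItems` that is out of range leaves no trace; a debug log line at the `continue` would make malformed item data visible. As a style point, the surrounding code braces every branch and the new `if` does not. The second hunk is only the `remSprite` → `remSlot` rename, and the function body starts and ends outside both hunks.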