From 11b4fcdc1cda4fa4166cfb4cb5b55f6765a01588 Mon Sep 17 00:00:00 2001 From: toaster Date: Tue, 3 Jan 2023 20:20:22 +0000 Subject: [PATCH] Remove heinous pointer-sent-over-the-network hack remnants This used to be used for `P_RelinkPointers()`, but was superseded by the far saner mobjnum. HOWEVER, its lingering effect was to leave `mobj->info` in an invalid state until a later `P_FinishMobjs()` was called. This is memory unsafety :D After removing the last remnants of this ancient hack, it is now once again possible to connect to a server without crashing immediately. However, I did get a crash after a few seconds, so there is definitely still *something* nasty going on under the hood. --- src/p_saveg.c | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/src/p_saveg.c b/src/p_saveg.c index 7696ed964..1fd515a1f 100644 --- a/src/p_saveg.c +++ b/src/p_saveg.c @@ -2106,9 +2106,6 @@ static void SaveMobjThinker(savebuffer_t *save, const thinker_t *th, const UINT8 if (diff & MD_MORE) WRITEUINT32(save->p, diff2); - // save pointer, at load time we will search this pointer to reinitilize pointers - WRITEUINT32(save->p, (size_t)mobj); - WRITEFIXED(save->p, mobj->z); // Force this so 3dfloor problems don't arise. WRITEFIXED(save->p, mobj->floorz); WRITEFIXED(save->p, mobj->ceilingz); @@ -3141,7 +3138,6 @@ static inline pslope_t *LoadSlope(UINT32 slopeid) static thinker_t* LoadMobjThinker(savebuffer_t *save, actionf_p1 thinker) { - thinker_t *next; mobj_t *mobj; UINT32 diff; UINT32 diff2; @@ -3155,8 +3151,6 @@ static thinker_t* LoadMobjThinker(savebuffer_t *save, actionf_p1 thinker) else diff2 = 0; - next = (void *)(size_t)READUINT32(save->p); - z = READFIXED(save->p); // Force this so 3dfloor problems don't arise. floorz = READFIXED(save->p); ceilingz = READFIXED(save->p); @@ -3478,8 +3472,6 @@ static thinker_t* LoadMobjThinker(savebuffer_t *save, actionf_p1 thinker) if (diff2 & MD2_KITEMCAP) P_SetTarget(&kitemcap, mobj); - mobj->info = (mobjinfo_t *)next; // temporarily, set when leave this function - R_AddMobjInterpolator(mobj); return &mobj->thinker; @@ -4416,23 +4408,6 @@ static inline void P_UnArchivePolyObjects(savebuffer_t *save) P_UnArchivePolyObj(save, &PolyObjects[i]); } -static inline void P_FinishMobjs(void) -{ - thinker_t *currentthinker; - mobj_t *mobj; - - // put info field there real value - for (currentthinker = thlist[THINK_MOBJ].next; currentthinker != &thlist[THINK_MOBJ]; - currentthinker = currentthinker->next) - { - if (currentthinker->function.acp1 == (actionf_p1)P_RemoveThinkerDelayed) - continue; - - mobj = (mobj_t *)currentthinker; - mobj->info = &mobjinfo[mobj->type]; - } -} - static void P_RelinkPointers(void) { thinker_t *currentthinker; @@ -5214,7 +5189,6 @@ boolean P_LoadNetGame(savebuffer_t *save, boolean reloading) P_NetUnArchiveTubeWaypoints(save); P_NetUnArchiveWaypoints(save); P_RelinkPointers(); - P_FinishMobjs(); } LUA_UnArchive(save, true);