[Shared] Fix crash when passing invalid animations to PM_AnimLength. F…

…ixes #943. Ref #939. Thanks to @peter-kien for pointing out the cause of UB
JACoders · Dec 24, 2017 · 92059a6 · 92059a6
1 parent ae3900f
commit 92059a6
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 19 deletions.
diff --git a/code/game/bg_panimate.cpp b/code/game/bg_panimate.cpp
@@ -4373,12 +4373,12 @@ PM_AnimLength
 -------------------------
 */
 
-int PM_AnimLength( int index, animNumber_t anim )
-{
-	if ( ValidAnimFileIndex( index ) == false )
+int PM_AnimLength( int index, animNumber_t anim ) {
+	if ( !ValidAnimFileIndex( index ) || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
 		return 0;
+	}
 
-	return level.knownAnimFileSets[index].animations[anim].numFrames * abs(level.knownAnimFileSets[index].animations[anim].frameLerp);
+	return level.knownAnimFileSets[index].animations[anim].numFrames * abs( level.knownAnimFileSets[index].animations[anim].frameLerp );
 }
 
 /*

diff --git a/codeJK2/game/bg_panimate.cpp b/codeJK2/game/bg_panimate.cpp
@@ -2035,10 +2035,10 @@ PM_AnimLength
 -------------------------
 */
 
-int PM_AnimLength( int index, animNumber_t anim )
-{
-	if ( ValidAnimFileIndex( index ) == false )
+int PM_AnimLength( int index, animNumber_t anim ) {
+	if ( !ValidAnimFileIndex( index ) || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
 		return 0;
+	}
 
 	return level.knownAnimFileSets[index].animations[anim].numFrames * fabs((double)(level.knownAnimFileSets[index].animations[anim].frameLerp));
 }

diff --git a/codemp/game/bg_panimate.c b/codemp/game/bg_panimate.c
@@ -1589,25 +1589,21 @@ and anim number. Obviously does not take things like the length of the
 anim while force speeding (as an example) and whatnot into account.
 =============
 */
-int BG_AnimLength( int index, animNumber_t anim )
-{
-	if (anim >= MAX_ANIMATIONS)
-	{
-		return -1;
+int BG_AnimLength( int index, animNumber_t anim ) {
+	if ( (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
+		return 0;
 	}
 
-	return bgAllAnims[index].anims[anim].numFrames * fabs((float)(bgAllAnims[index].anims[anim].frameLerp));
+	return bgAllAnims[index].anims[anim].numFrames * fabs( (float)(bgAllAnims[index].anims[anim].frameLerp) );
 }
 
 //just use whatever pm->animations is
-int PM_AnimLength( int index, animNumber_t anim )
-{
-	if (anim >= MAX_ANIMATIONS || !pm->animations)
-	{
-		return -1;
+int PM_AnimLength( int index, animNumber_t anim ) {
+	if ( !pm->animations || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
+		return 0;
 	}
 
-	return pm->animations[anim].numFrames * fabs((float)(pm->animations[anim].frameLerp));
+	return pm->animations[anim].numFrames * fabs( (float)(pm->animations[anim].frameLerp) );
 }
 
 void PM_DebugLegsAnim(int anim)