fix latent invalid pointer reference

At the point at which this code appears, trnum can be negative. This is latent
and does not cause a segfault because the compiler simply calculates a memory
address to store into t, without doing any actual dereferences. However,
debugging #56 revealed this invalid reference, which is undefined behavior with
respect to the C standard.

diff --git a/lib/ortho/partition.c b/lib/ortho/partition.c
index af104c3156f1dc4e82ea5f170787e6286bf90d12..b7d3f041e2115a1f62323e97ee869d011c8f23bc 100644 (file)
--- a/lib/ortho/partition.c
+++ b/lib/ortho/partition.c
@@ -324,7 +324,7 @@ static int
 traverse_polygon (int* visited, boxf* decomp, int size, segment_t* seg, trap_t* tr,
     int mcur, int trnum, int from, int flip, int dir)
 {
-  trap_t *t = &tr[trnum];
+  trap_t *t;
   int mnew;
   int v0, v1;
   int do_switch = FALSE;
@@ -332,6 +332,8 @@ traverse_polygon (int* visited, boxf* decomp, int size, segment_t* seg, trap_t*
   if ((trnum <= 0) || visited[trnum])
     return size;
 
+  t = &tr[trnum];
+
   visited[trnum] = TRUE;
   
   if ((t->hi.y > t->lo.y) &&