From 5c9958047d05129dd23b338e8a7f078f18db4d80 Mon Sep 17 00:00:00 2001
From: Matthew Fernandez
Date: Sun, 11 Oct 2020 11:49:30 -0700
Subject: [PATCH] fix latent invalid pointer reference

At the point at which this code appears, trnum can be negative. This is latent and does not cause a segfault because the compiler simply calculates a memory address to store into t, without doing any actual dereferences. However, debugging #56 revealed this invalid reference, which is undefined behavior with respect to the C standard.
---
 lib/ortho/partition.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/ortho/partition.c b/lib/ortho/partition.c
index af104c315..b7d3f041e 100644
--- a/lib/ortho/partition.c
+++ b/lib/ortho/partition.c
@@ -324,7 +324,7 @@ static int
 traverse_polygon (int* visited, boxf* decomp, int size, segment_t* seg, trap_t* tr,
 int mcur, int trnum, int from, int flip, int dir)
 {
- trap_t *t = &tr[trnum];
+ trap_t *t;
 int mnew;
 int v0, v1;
 int do_switch = FALSE;
@@ -332,6 +332,8 @@ traverse_polygon (int* visited, boxf* decomp, int size, segment_t* seg, trap_t*
 if ((trnum <= 0) || visited[trnum])
 return size;
 
+ t = &tr[trnum];
+
 visited[trnum] = TRUE;
 
 if ((t->hi.y > t->lo.y) &&
-- 
2.40.0
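Review bot: The guard two lines above the added `t = &tr[trnum];` bounds trnum only from below, so both `visited[trnum]` and the new address computation still rely on every caller keeping trnum below the trapezoid count; whether that invariant holds cannot be confirmed from this hunk, and if it does not, an upper-bound check belongs in the same `if`. The reordering itself is easy to undo in a later tidy-up, so a short comment on the new line would protect it, e.g. `/* take the address only after trnum is known to be a valid index; &tr[trnum] for a negative trnum is undefined behaviour */`. The body of traverse_polygon continues past the end of this hunk.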