From 32187e428f20c46afe591ab8c29b0d7d703ded08 Mon Sep 17 00:00:00 2001
From: Chris Taylor <kreatordxx@dxx-rebirth.bzr.sourceforge.net>
Date: Mon, 21 Feb 2011 14:36:18 +0800
Subject: [PATCH] Fix a critical bug in string_array_add - when d_reallocing
 the buffer containing the string data, update all the pointers in '*list' as
 well as next_str, preventing ugly crashes

---
 CHANGELOG.txt  |  4 ++++
 misc/strutil.c | 16 +++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 6c8a38de2..8252d1dd3 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,9 @@
 D1X-Rebirth Changelog
 
+20110221
+--------
+misc/strutil.c: Fix a critical bug in string_array_add - when d_reallocing the buffer containing the string data, update all the pointers in '*list' as well as next_str, preventing ugly crashes
+
 20110218
 --------
 arch/ogl/ogl.c, include/ogl_init.h, main/endlevel.c, main/object.c: Draw laser effects with special blending instead of disabled DepthMask; Added special blending for transparency effects as well to let them kick more ass; Corrections while rendering outside part of endlevel sequence with disabled depth testing and dynamically changing Render_depth to make the mine exit visible again while not rendering the exit tunnel tru the planet terrain
diff --git a/misc/strutil.c b/misc/strutil.c
index 9e75a1a74..e1bee2b28 100644
--- a/misc/strutil.c
+++ b/misc/strutil.c
@@ -260,11 +260,20 @@ int string_array_add(char ***list, char **list_buf, int *num_str, int *max_str,
 	
 	if (next_str + strlen(str) + 1 - *list_buf >= *max_buf)
 	{
-		char *new_buf = d_realloc(*list_buf, *max_buf*sizeof(char)*MEM_K);
+		int i;
+		char *new_buf;
+		
+		new_buf = d_realloc(*list_buf, *max_buf*sizeof(char)*MEM_K);
 		if (new_buf == NULL)
 			return 0;
+
+		// Update all the pointers in the pointer list
+		for (i = 0; i < *num_str; i++)
+			(*list)[i] += (new_buf - *list_buf);
+
 		*max_buf *= MEM_K;
 		*list_buf = new_buf;
+		next_str = *num_str ? (*list)[*num_str - 1] + strlen((*list)[*num_str - 1]) + 1 : *list_buf;
 	}
 	
 	strcpy(next_str, str);
@@ -291,13 +300,14 @@ void string_array_tidy(char ***list, char **list_buf, int *num_str, int *max_str
 		*max_str = *num_str;
 	}
 	
-	temp_buf = d_realloc(*list_buf, (j = *num_str ? (*list)[*num_str - 1] + strlen((*list)[*num_str - 1]) + 1 - *list_buf : 1));
+	j = *num_str ? (*list)[*num_str - 1] + strlen((*list)[*num_str - 1]) + 1 - *list_buf : 1;	// buffer size - a bit of variable recycling
+	temp_buf = d_realloc(*list_buf, j);
 	if (temp_buf)
 	{
 		for (i = 0; i < *num_str; i++)
 			(*list)[i] += (temp_buf - *list_buf);
 		*list_buf = temp_buf;
-		*max_buf = j;	// set to buffer size used - a bit of variable recycling here
+		*max_buf = j;	// set to buffer size used
 	}
 	
 	// Sort by name, starting at offset