From e36abb25cb0e49a2097937bd1dcc6adbf23a40ec Mon Sep 17 00:00:00 2001
From: Kp
Date: Sun, 14 Feb 2016 18:40:57 +0000
Subject: [PATCH] Fix invalid access reading demos

Casting the address of a short to `sbyte*` invites trouble. In this case, it allows uninitialized garbage to be used as the high bits of the wall index.

Fixes: 553b31309946a6c2d201e17ddac53c4652baf243 ("Use vwallptr")
---
 similar/main/newdemo.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/similar/main/newdemo.cpp b/similar/main/newdemo.cpp
index 04b68ad55..2029c19fd 100644
--- a/similar/main/newdemo.cpp
+++ b/similar/main/newdemo.cpp
@@ -2959,8 +2959,10 @@ static int newdemo_read_frame_information(int rewrite)
  wallnum_t back_wall_num, front_wall_num;
  short l0,l1,l2,l3;
 
- nd_read_byte((sbyte*)&front_wall_num);
- nd_read_byte((sbyte*)&back_wall_num);
+ nd_read_byte(&type);
+ front_wall_num = type;
+ nd_read_byte(&type);
+ back_wall_num = type;
  nd_read_byte(&type);
  nd_read_byte(&state);
  nd_read_byte(&cloak_value);
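Review bot: The new assignments `front_wall_num = type;` and `back_wall_num = type;` copy a byte taken from the demo file into a wall index with no range check, and if `type` is a signed `sbyte` (its declaration is outside the hunk, but the removed `(sbyte*)` cast suggests that is what `nd_read_byte` takes), a stored value of 0x80 or above would sign-extend into the same high bits this commit is trying to keep clean. Consider converting through an unsigned byte, e.g. `front_wall_num = static_cast<uint8_t>(type);`, and rejecting the frame when either index is not below the level's wall count before it is used for a wall lookup. Demo files are external input, so the lookup should not rely on the recorder having written a valid index. Reusing `type` as scratch ahead of the real `nd_read_byte(&type);` also obscures intent; a dedicated local such as `sbyte wall_byte;` would read more clearly. The enclosing function starts and ends outside the hunk.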