Check type before checking signature. Objects with type OBJ_NONE are
not guaranteed to have any particular signature. Commit 91d31b1 removed
the statement which cleared the signature when the type changes to
OBJ_NONE.
Fixes: 91d31b1952 ("Wrap object signature in subtype")
Some call sites pass a uint8_t to objnum_remote_to_local, which is
zero-extended up to an int. The check for owner==-1 then fails, causing
the sanity check to trap to the debugger, even though the situation is
normal and harmless. Switch the type to int8_t to ensure that the value
is not sign/zero-extended.
There is a an out-of-bounds access in digi_mixer_start_sound() when
soundnum is < 0. The bounds check I added here is already present in
digi_audio_start_sound().
This bug was triggered on the RPi d2x built when trying to show the
briefing screen because briefing_new_screen() tries to play
SOUND_BRIEFING_HUM, which digi_xlat_sound() translated to -1 in this
situation. The game finally crashed in mixdigi_convert_sound() because
GameSounds[-1] happened to contain some non-zero data (on my Linux desktop,
that memory seems to be always 0 by accident...). This was also the reason
why the pi version tried to allocate lots of memory before it crashed in
memcpy().
Kp already incorporated some small changes I made in my rpi branch into
unification/master. However, besides making the rpi helper functions
static as I did, he also changed the prototype from (void) parameters
to C++ style (). I've incorporated his version here.
Conflicts:
similar/arch/ogl/gr.cpp
Rebirth builds with -Werror=redundant-decls -Werror=undef, which are
triggered by the bcm_host.h. Making gcc treat those paths as
system headers avoids these issues. This was suggested by Kp.
If a sound is used, it may dereference Viewer. If Viewer is null, this
will crash. In 630f11945e,
digi_sync_sounds changed to assume Viewer is valid. This crashes during
early startup when not using the SDL_mixer backend, even though no
sounds are in use.
Reported-by: derhass <https://github.com/dxx-rebirth/dxx-rebirth/issues/45>
Fixes: 630f11945e ("Cache Viewer in digiobj")