fix a crash when s->tag_entity is higher than current d->maxedicts
authorhavoc <havoc@d7cf8633-e32d-0410-b094-e92efae38249>
Sat, 16 Apr 2005 09:15:18 +0000 (09:15 +0000)
committerhavoc <havoc@d7cf8633-e32d-0410-b094-e92efae38249>
Sat, 16 Apr 2005 09:15:18 +0000 (09:15 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@5185 d7cf8633-e32d-0410-b094-e92efae38249

protocol.c
protocol.h
sv_user.c

index 38e6783..702dbbd 100644 (file)
@@ -1420,18 +1420,26 @@ void EntityFrame5_ExpandEdicts(entityframe5_database_t *d, int newmax)
        }
 }
 
-int EntityState5_Priority(entityframe5_database_t *d, entity_state_t *view, entity_state_t *s, int changedbits, int age)
+int EntityState5_Priority(entityframe5_database_t *d, int stateindex)
 {
        int lowprecision, limit, priority;
        double distance;
+       int changedbits;
+       int age;
+       entity_state_t *view, *s;
+       changedbits = d->deltabits[stateindex];
        if (!changedbits)
                return 0;
-       if (!s->active/* && changedbits & E5_FULLUPDATE*/)
+       if (!d->states[stateindex].active/* && changedbits & E5_FULLUPDATE*/)
                return E5_PROTOCOL_PRIORITYLEVELS - 1;
        // check whole attachment chain to judge relevance to player
+       view = d->states + d->viewentnum;
        lowprecision = false;
        for (limit = 0;limit < 256;limit++)
        {
+               if (d->maxedicts < stateindex)
+                       EntityFrame5_ExpandEdicts(d, (stateindex+256)&~255);
+               s = d->states + stateindex;
                if (s == view)
                        return E5_PROTOCOL_PRIORITYLEVELS - 1;
                if (s->flags & RENDER_VIEWMODEL)
@@ -1444,12 +1452,16 @@ int EntityState5_Priority(entityframe5_database_t *d, entity_state_t *view, enti
                                return E5_PROTOCOL_PRIORITYLEVELS - 1;
                        break;
                }
-               s = d->states + s->tagentity;
+               stateindex = s->tagentity;
        }
        if (limit >= 256)
-               Con_Printf("Protocol: Runaway loop recursing tagentity links on entity %i\n", s->number);
+       {
+               Con_Printf("Protocol: Runaway loop recursing tagentity links on entity %i\n", stateindex);
+               return 0;
+       }
        // it's not a viewmodel for this client
        distance = VectorDistance(view->origin, s->origin);
+       age = d->latestframenum - d->updateframenum[stateindex];
        priority = (E5_PROTOCOL_PRIORITYLEVELS / 2) + age - (int)(distance * (E5_PROTOCOL_PRIORITYLEVELS / 16384.0f));
        if (lowprecision)
                priority -= (E5_PROTOCOL_PRIORITYLEVELS / 4);
@@ -1852,7 +1864,7 @@ void EntityFrame5_CL_ReadFrame(void)
        }
 }
 
-void EntityFrame5_LostFrame(entityframe5_database_t *d, int framenum, int viewentnum)
+void EntityFrame5_LostFrame(entityframe5_database_t *d, int framenum)
 {
        int i, j, k, l, bits;
        entityframe5_changestate_t *s, *s2;
@@ -1889,10 +1901,7 @@ void EntityFrame5_LostFrame(entityframe5_database_t *d, int framenum, int viewen
                                // if the bits haven't all been cleared, there were some bits
                                // lost with this packet, so set them again now
                                if (bits)
-                               {
                                        d->deltabits[s->number] |= bits;
-                                       d->priorities[s->number] = EntityState5_Priority(d, d->states + viewentnum, d->states + s->number, d->deltabits[s->number], d->latestframenum - d->updateframenum[s->number]);
-                               }
                        }
                        // mark lost stats
                        for (j = 0;j < MAX_CL_STATS;j++)
@@ -1936,6 +1945,7 @@ void EntityFrame5_WriteFrame(sizebuf_t *msg, entityframe5_database_t *d, int num
                EntityFrame5_ExpandEdicts(d, (sv.num_edicts + 255) & ~255);
 
        framenum = d->latestframenum + 1;
+       d->viewentnum = viewentnum;
 
        // if packet log is full, mark all frames as lost, this will cause
        // it to send the lost data again
@@ -1944,7 +1954,7 @@ void EntityFrame5_WriteFrame(sizebuf_t *msg, entityframe5_database_t *d, int num
                        break;
        if (packetlognumber == ENTITYFRAME5_MAXPACKETLOGS)
        {
-               EntityFrame5_LostFrame(d, framenum, viewentnum);
+               EntityFrame5_LostFrame(d, framenum);
                packetlognumber = 0;
        }
 
@@ -1975,7 +1985,7 @@ void EntityFrame5_WriteFrame(sizebuf_t *msg, entityframe5_database_t *d, int num
                        {
                                CLEARPVSBIT(d->visiblebits, num);
                                d->deltabits[num] = E5_FULLUPDATE;
-                               d->priorities[num] = EntityState5_Priority(d, d->states + viewentnum, d->states + num, d->deltabits[num], framenum - d->updateframenum[num]);
+                               d->priorities[num] = EntityState5_Priority(d, num);
                                d->states[num] = defaultstate;
                                d->states[num].number = num;
                        }
@@ -1989,7 +1999,7 @@ void EntityFrame5_WriteFrame(sizebuf_t *msg, entityframe5_database_t *d, int num
                }
                SETPVSBIT(d->visiblebits, num);
                d->deltabits[num] |= EntityState5_DeltaBits(d->states + num, n);
-               d->priorities[num] = EntityState5_Priority(d, d->states + viewentnum, d->states + num, d->deltabits[num], framenum - d->updateframenum[num]);
+               d->priorities[num] = EntityState5_Priority(d, num);
                d->states[num] = *n;
                d->states[num].number = num;
                // advance to next entity so the next iteration doesn't immediately remove it
@@ -2002,7 +2012,7 @@ void EntityFrame5_WriteFrame(sizebuf_t *msg, entityframe5_database_t *d, int num
                {
                        CLEARPVSBIT(d->visiblebits, num);
                        d->deltabits[num] = E5_FULLUPDATE;
-                       d->priorities[num] = EntityState5_Priority(d, d->states + viewentnum, d->states + num, d->deltabits[num], framenum - d->updateframenum[num]);
+                       d->priorities[num] = EntityState5_Priority(d, num);
                        d->states[num] = defaultstate;
                        d->states[num].number = num;
                }
index 96e46ef..b0ff854 100644 (file)
@@ -716,6 +716,8 @@ typedef struct entityframe5_database_s
 {
        // number of the latest message sent to client
        int latestframenum;
+       // updated by WriteFrame for internal use
+       int viewentnum;
 
        // logs of all recently sent messages (between acked and latest)
        entityframe5_packetlog_t packetlog[ENTITYFRAME5_MAXPACKETLOGS];
@@ -760,11 +762,10 @@ entityframe5_database_t;
 entityframe5_database_t *EntityFrame5_AllocDatabase(mempool_t *pool);
 void EntityFrame5_FreeDatabase(entityframe5_database_t *d);
 void EntityFrame5_ResetDatabase(entityframe5_database_t *d);
-int EntityState5_Priority(entityframe5_database_t *d, entity_state_t *view, entity_state_t *s, int changedbits, int age);
 void EntityState5_WriteUpdate(int number, const entity_state_t *s, int changedbits, sizebuf_t *msg);
 int EntityState5_DeltaBitsForState(entity_state_t *o, entity_state_t *n);
 void EntityFrame5_CL_ReadFrame(void);
-void EntityFrame5_LostFrame(entityframe5_database_t *d, int framenum, int viewentnum);
+void EntityFrame5_LostFrame(entityframe5_database_t *d, int framenum);
 void EntityFrame5_AckFrame(entityframe5_database_t *d, int framenum);
 void EntityFrame5_WriteFrame(sizebuf_t *msg, entityframe5_database_t *d, int numstates, const entity_state_t *states, int viewentnum, int *stats);
 
index 7015dd5..24cc9a7 100644 (file)
--- a/sv_user.c
+++ b/sv_user.c
@@ -709,7 +709,7 @@ void SV_ReadClientMove (usercmd_t *move)
 void SV_FrameLost(int framenum)
 {
        if (host_client->entitydatabase5)
-               EntityFrame5_LostFrame(host_client->entitydatabase5, framenum, host_client - svs.clients + 1);
+               EntityFrame5_LostFrame(host_client->entitydatabase5, framenum);
 }
 
 void SV_FrameAck(int framenum)