Index: head/games/dhewm3/Makefile =================================================================== --- head/games/dhewm3/Makefile (revision 404197) +++ head/games/dhewm3/Makefile (revision 404198) @@ -1,57 +1,58 @@ # Created by: Dmitry Marakasov # $FreeBSD$ PORTNAME= dhewm3 PORTVERSION= 1.4.0 +PORTREVISION= 1 CATEGORIES= games MAINTAINER= amdmi3@FreeBSD.org COMMENT= Doom 3 GPL source port LICENSE= GPLv3 # or later LICENSE_FILE= ${WRKSRC}/../COPYING.txt LIB_DEPENDS= libcurl.so:${PORTSDIR}/ftp/curl \ libogg.so:${PORTSDIR}/audio/libogg \ libvorbis.so:${PORTSDIR}/audio/libvorbis USE_GITHUB= yes GH_ACCOUNT= dhewm USES= cmake jpeg openal:al USE_SDL= sdl2 WRKSRC_SUBDIR= neo SUB_FILES= pkg-message PORTDOCS= * DESKTOP_ENTRIES="dhewm 3" \ "" \ "doom3" \ "${PORTNAME}" \ "Game;ActionGame;" \ "" OPTIONS_DEFINE= OPTIMIZED_CFLAGS DEDICATED DOCS OPTIONS_DEFAULT=OPTIMIZED_CFLAGS DEDICATED OPTIONS_SUB= yes DEDICATED_DESC= Build dedicated server DEDICATED_CMAKE_ON= -DDEDICATED=ON post-patch-OPTIMIZED_CFLAGS-off: @${REINPLACE_CMD} -e 's|-O3 -ffast-math -fno-unsafe-math-optimizations -fomit-frame-pointer||' ${WRKSRC}/CMakeLists.txt post-install: - ${MKDIR} ${STAGEDIR}${DATADIR}/base - ${MKDIR} ${STAGEDIR}${DATADIR}/d3xp + @${MKDIR} ${STAGEDIR}${DATADIR}/base + @${MKDIR} ${STAGEDIR}${DATADIR}/d3xp ${INSTALL_DATA} ${WRKSRC}/sys/linux/setup/image/doom3.png \ ${STAGEDIR}${PREFIX}/share/pixmaps/ post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/../README.md ${STAGEDIR}${DOCSDIR}/ .include Index: head/games/dhewm3/files/patch-roe-bfh-crash =================================================================== --- head/games/dhewm3/files/patch-roe-bfh-crash (nonexistent) +++ head/games/dhewm3/files/patch-roe-bfh-crash (revision 404198) @@ -0,0 +1,52 @@ +commit b03fc9271aa5c4aaf4e90a940c78d004e2962148 +Author: Daniel Gibson +Date: Sun Dec 13 03:06:52 2015 +0100 + + Fix crash by assert in last RoE level (and maybe elsewhere) + + The assertion in idBounds::operator-(const idBounds&) was triggered + from idWeapon::Event_LaunchProjectiles() (ownerBounds - projBounds) + It only happened when using the BFG. + So I added a check to make sure calling operator- is legal. + + I guess this also caused #122 + +diff --git neo/d3xp/Weapon.cpp neo/d3xp/Weapon.cpp +index 2101381..30f8882 100644 +--- d3xp/Weapon.cpp ++++ d3xp/Weapon.cpp +@@ -3446,7 +3446,14 @@ void idWeapon::Event_LaunchProjectiles( int num_projectiles, float spread, float + // make sure the projectile starts inside the bounding box of the owner + if ( i == 0 ) { + muzzle_pos = muzzleOrigin + playerViewAxis[ 0 ] * 2.0f; +- if ( ( ownerBounds - projBounds).RayIntersection( muzzle_pos, playerViewAxis[0], distance ) ) { ++ ++ // DG: sometimes the assertion in idBounds::operator-(const idBounds&) triggers ++ // (would get bounding box with negative volume) ++ // => check that before doing ownerBounds - projBounds (equivalent to the check in the assertion) ++ idVec3 obDiff = ownerBounds[1] - ownerBounds[0]; ++ idVec3 pbDiff = projBounds[1] - projBounds[0]; ++ bool boundsSubLegal = obDiff.x > pbDiff.x && obDiff.y > pbDiff.y && obDiff.z > pbDiff.z; ++ if ( boundsSubLegal && ( ownerBounds - projBounds ).RayIntersection( muzzle_pos, playerViewAxis[0], distance ) ) { + start = muzzle_pos + distance * playerViewAxis[0]; + } else { + start = ownerBounds.GetCenter(); +diff --git neo/game/Weapon.cpp neo/game/Weapon.cpp +index d889c68..a381ae2 100644 +--- game/Weapon.cpp ++++ game/Weapon.cpp +@@ -2941,7 +2941,13 @@ void idWeapon::Event_LaunchProjectiles( int num_projectiles, float spread, float + // make sure the projectile starts inside the bounding box of the owner + if ( i == 0 ) { + muzzle_pos = muzzleOrigin + playerViewAxis[ 0 ] * 2.0f; +- if ( ( ownerBounds - projBounds).RayIntersection( muzzle_pos, playerViewAxis[0], distance ) ) { ++ // DG: sometimes the assertion in idBounds::operator-(const idBounds&) triggers ++ // (would get bounding box with negative volume) ++ // => check that before doing ownerBounds - projBounds (equivalent to the check in the assertion) ++ idVec3 obDiff = ownerBounds[1] - ownerBounds[0]; ++ idVec3 pbDiff = projBounds[1] - projBounds[0]; ++ bool boundsSubLegal = obDiff.x > pbDiff.x && obDiff.y > pbDiff.y && obDiff.z > pbDiff.z; ++ if ( boundsSubLegal && ( ownerBounds - projBounds ).RayIntersection( muzzle_pos, playerViewAxis[0], distance ) ) { + start = muzzle_pos + distance * playerViewAxis[0]; + } else { + start = ownerBounds.GetCenter(); Property changes on: head/games/dhewm3/files/patch-roe-bfh-crash ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/games/dhewm3/files/patch-roe-last-level-load-crash =================================================================== --- head/games/dhewm3/files/patch-roe-last-level-load-crash (nonexistent) +++ head/games/dhewm3/files/patch-roe-last-level-load-crash (revision 404198) @@ -0,0 +1,51 @@ +commit 9950a5721f98eaffc6d8360c6d52ea9bcc0afb9c +Author: Daniel Gibson +Date: Thu Dec 17 18:07:35 2015 +0100 + + Fix heap corruption when loading (broken?) .ma models + + On FreeBSD, the game used to crash when loading the last level of RoE + (d3xp), while loading models/david/hell_h7.ma. + The problem could be reproduced on Linux whith #define USE_LIBC_MALLOC 1 + and clang's AddressSanitizer. + Turns out that this file specifies a vertex transform for a non-existent + vertex (index 31, while we only have 0-30) and thus the bounds of + pMesh->vertexes[] are violated. + I added a check to ensure the index is within the bounds and a Warning + if it isn't. + It should work now. If however it turns out that more files have this + problem, maybe .ma is parsed incorrectly and we need a differently fix. + + (Should) fix #138 + +diff --git neo/renderer/Model_ma.cpp neo/renderer/Model_ma.cpp +index e31ca40..1cd672a 100644 +--- renderer/Model_ma.cpp ++++ renderer/Model_ma.cpp +@@ -203,7 +203,7 @@ bool MA_ParseVertex(idParser& parser, maAttribHeader_t* header) { + + //Allocate enough space for all the verts if this is the first attribute for verticies + if(!pMesh->vertexes) { +- pMesh->numVertexes = header->size; ++ pMesh->numVertexes = header->size; // XXX: +1? + pMesh->vertexes = (idVec3 *)Mem_Alloc( sizeof( idVec3 ) * pMesh->numVertexes ); + } + +@@ -692,7 +692,16 @@ void MA_ParseMesh(idParser& parser) { + + //Now apply the pt transformations + for(int i = 0; i < pMesh->numVertTransforms; i++) { +- pMesh->vertexes[(int)pMesh->vertTransforms[i].w] += pMesh->vertTransforms[i].ToVec3(); ++ int idx = (int)pMesh->vertTransforms[i].w; ++ if(idx < 0 || idx >= pMesh->numVertexes) ++ { ++ // this happens with d3xp/models/david/hell_h7.ma in the d3xp hell level ++ // TODO: if it happens for other models, too, maybe it's intended and the .ma parsing is broken ++ common->Warning( "Model %s tried to set an out-of-bounds vertex transform (%d, but max vert. index is %d)!", ++ parser.GetFileName(), idx, pMesh->numVertexes-1 ); ++ continue; ++ } ++ pMesh->vertexes[idx] += pMesh->vertTransforms[i].ToVec3(); + } + + MA_VERBOSE((va("MESH %s - parent %s\n", header.name, header.parent))); Property changes on: head/games/dhewm3/files/patch-roe-last-level-load-crash ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property