
Fix segfault when removing source from ShouldDamage

Hanicef requested to merge Hanicef/SRB2:fix-remove-source-damage into next

This one was a pain to track down. Some buggy Lua scripts can crash the game if they remove the source mobj from within the ShouldDamage hook. This happens because the reference is not checked for deletion within the hook, so P_DamageMobj will proceed to use the removed mobj even if it's no longer valid. The issue with this bug is that the crash point seems to vary depending on the type and contents of the target mobj, so it's not very consistent, but I found that this script seems to trigger it consistently:

-- Two throwaway mobjs: a is the target, b will be passed as the source
local a = P_SpawnMobj(0, 0, 0, MT_UNKNOWN)
local b = P_SpawnMobj(0, 0, 0, MT_UNKNOWN)
-- Buggy hook: removes the source mobj, then tells P_DamageMobj to go ahead anyway
addHook("ShouldDamage", function (target, inflictor, source, damage, damagetype)
    P_RemoveMobj(source)
    return true
end)
-- Damage a with b as the source; P_DamageMobj keeps using b after the hook removed it
P_DamageMobj(a, nil, b)

Additionally, it only triggers consistently if built with DEBUGMODE=1, so make sure to make a debug build to reproduce this bug!
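An added example, not part of this merge request or of SRB2's own code: a small C model of a damage routine whose ShouldDamage hook can remove the source object from under it, with the unchecked flow beside one that re-validates every pointer after the hook returns. The struct fields, the hook signature, the helper names (remove_mobj, mobj_was_removed, credit_source) and the recovery strategy (treat a removed source as "no source", abort on a removed target) are all assumptions made for the illustration, and removal is modelled as a deferred flag rather than an immediate free so the stale access can be counted instead of crashing.

```c
/* Model of a damage routine whose "ShouldDamage" hook may remove the source
 * object from under it. Simplified illustration, not SRB2's code: field names,
 * the hook signature and the recovery strategy are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct mobj_s {
    int  health;
    int  score;    /* credited to whoever dealt the damage */
    bool removed;  /* deferred removal: flagged now, memory reclaimed at end of tic */
} mobj_t;

/* Hypothetical hook signature: return false to veto the damage. */
typedef bool (*should_damage_hook_t)(mobj_t *target, mobj_t *inflictor,
                                     mobj_t *source, int damage);
static should_damage_hook_t g_should_damage_hook = NULL;

/* Every access to an object already flagged removed is counted here; in a
 * real engine that is a use-after-free whose crash point depends on what the
 * reclaimed memory was reused for, which is why the crash looks inconsistent. */
static int g_dead_accesses = 0;

static void remove_mobj(mobj_t *mo) { mo->removed = true; }
static bool mobj_was_removed(const mobj_t *mo) { return mo == NULL || mo->removed; }

static void credit_source(mobj_t *source, int damage) {
    if (source->removed) g_dead_accesses++;   /* stale-object access */
    source->score += damage;
}

/* The misbehaving hook from the report: removes source, then allows damage. */
static bool hook_removes_source(mobj_t *target, mobj_t *inflictor,
                                mobj_t *source, int damage) {
    (void)target; (void)inflictor; (void)damage;
    if (source) remove_mobj(source);
    return true;
}

/* Before: trusts that every pointer it was handed is still valid after the hook. */
static bool damage_mobj_unchecked(mobj_t *target, mobj_t *inflictor,
                                  mobj_t *source, int damage) {
    if (g_should_damage_hook &&
        !g_should_damage_hook(target, inflictor, source, damage))
        return false;
    target->health -= damage;
    if (source) credit_source(source, damage);
    return true;
}

/* After: re-validates every object the hook could have removed before using it.
 * A removed source or inflictor is dropped; a removed target aborts entirely. */
static bool damage_mobj_checked(mobj_t *target, mobj_t *inflictor,
                                mobj_t *source, int damage) {
    if (g_should_damage_hook &&
        !g_should_damage_hook(target, inflictor, source, damage))
        return false;
    if (mobj_was_removed(target))
        return false;
    if (mobj_was_removed(source))
        source = NULL;
    if (mobj_was_removed(inflictor))
        inflictor = NULL;
    target->health -= damage;
    if (source) credit_source(source, damage);
    return true;
}

typedef bool (*damage_fn_t)(mobj_t *, mobj_t *, mobj_t *, int);

/* Mirrors the Lua script in the report: a is the target, b the source, no
 * inflictor. Returns how many accesses to a removed object the routine made. */
static int run_scenario(damage_fn_t damage_mobj) {
    mobj_t a = { 10, 0, false };
    mobj_t b = { 10, 0, false };
    g_should_damage_hook = hook_removes_source;
    g_dead_accesses = 0;
    damage_mobj(&a, NULL, &b, 1);
    return g_dead_accesses;
}

int main(void) {
    printf("unchecked: %d stale access(es)\n", run_scenario(damage_mobj_unchecked));
    printf("checked:   %d stale access(es)\n", run_scenario(damage_mobj_checked));
    return 0;
}
```

The point the model makes is that the check belongs after the hook, on every pointer the hook could see, not before it: the pointers were valid on entry and only become stale because script code ran in between. Any engine that lets scripts run inside a native routine and hand back control needs the same re-validation step after each call-out.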
