diff options
| author | camthesaxman <cameronghall@cox.net> | 2018-01-14 16:29:27 -0600 |
|---|---|---|
| committer | camthesaxman <cameronghall@cox.net> | 2018-01-14 16:29:27 -0600 |
| commit | 7e3495747035d13f72ba869195b21f4e61ee283a (patch) | |
| tree | 958dc24500f128ecb7f0414b460e4a244bfb695b /src | |
| parent | 69a662de660bf075e97521c4d220c893b96b793b (diff) | |
add comment about NULL pointer dereference
Diffstat (limited to 'src')
| -rw-r--r-- | src/field/fieldmap.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/field/fieldmap.c b/src/field/fieldmap.c index 7a31ae720..7383bb174 100644 --- a/src/field/fieldmap.c +++ b/src/field/fieldmap.c @@ -86,18 +86,20 @@ void map_copy_with_padding(u16 *map, u16 width, u16 height) void sub_80560AC(struct MapHeader *mapHeader) { + // BUG: This results in a null pointer dereference when mapHeader->connections + // is NULL, causing count to be assigned a garbage value. This garbage value + // just so happens to have the most significant bit set, so it is treated as + // negative and the loop below thankfully never executes in this scenario. + int count = mapHeader->connections->count; + struct MapConnection *connection = mapHeader->connections->connections; int i; - struct MapConnection *connection; - struct MapHeader *cMap; - u32 offset; - int count; - count = mapHeader->connections->count; - connection = mapHeader->connections->connections; + gUnknown_0202E850 = sDummyConnectionFlags; for (i = 0; i < count; i++, connection++) { - cMap = mapconnection_get_mapheader(connection); - offset = connection->offset; + struct MapHeader *cMap = mapconnection_get_mapheader(connection); + u32 offset = connection->offset; + switch (connection->direction) { case CONNECTION_SOUTH: |