Skip to content

Fix deathtype field parsing to prevent 64-bit memory overwrite#443

Merged
tcsabina merged 1 commit intomasterfrom
fix_deathtype
Feb 7, 2026
Merged

Fix deathtype field parsing to prevent 64-bit memory overwrite#443
tcsabina merged 1 commit intomasterfrom
fix_deathtype

Conversation

@qqshka
Copy link
Copy Markdown
Collaborator

@qqshka qqshka commented Feb 7, 2026

The spawn field table listed "deathtype" as F_LSTRING, so G_ParseField was writing a char* into an int slot.
On 64-bit builds this wrote 8 bytes, which corrupted both deathtype (lower 32 bits of the pointer) and the next field (dmgtime, upper 32 bits).
This could lead to random deathtype values and clobbered dmgtime, causing incorrect logic and potential crashes.

We now ignore the "deathtype" spawn key to avoid writing a pointer into an integer field.

@qqshka
Fix deathtype field parsing to prevent 64-bit memory overwrite
e823f3c 
The spawn field table listed "deathtype" as F_LSTRING, so G_ParseField
was writing a char* into an int slot. On 64-bit builds this wrote 8 bytes,
which corrupted both deathtype (lower 32 bits of the pointer) and the
next field (dmgtime, upper 32 bits). This could lead to random deathtype
values and clobbered dmgtime, causing incorrect logic and potential crashes.

We now ignore the "deathtype" spawn key to avoid writing a pointer into
an integer field.
@qqshka qqshka requested a review from osm February 7, 2026 11:35
@tcsabina tcsabina merged commit 5a63b09 into master Feb 7, 2026
20 checks passed
@tcsabina tcsabina deleted the fix_deathtype branch February 7, 2026 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@osm osm Awaiting requested review from osm

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@qqshka @tcsabina