# Before an entity is freed, it needs to be removed from the # BoundingBoxManager's candidate list, or initCollisionCandidates will # write into freed memory. # diff -ur blobAndConquer-0.90/src/3d/CBoundingBoxManager.cpp blobAndConquer-0.90/src/3d/CBoundingBoxManager.cpp --- blobAndConquer-0.90/src/3d/CBoundingBoxManager.cpp 2006-12-28 05:32:25.000000000 -0500 +++ blobAndConquer-0.90/src/3d/CBoundingBoxManager.cpp 2007-05-11 17:39:13.000000000 -0400 @@ -186,6 +186,25 @@ } } + +void BoundingBoxManager::destroyBox(Entity *entity) +{ + for (int i = 0 ; i < MAX_CANDIDATES ; i++) + { + if (candidate[i] == entity) + { + candidate[i]->inCollisionCandidateList = false; + for(int j = i; j+1 < MAX_CANDIDATES; j++) + { + candidate[j] = candidate[j+1]; + } + candidate[MAX_CANDIDATES-1] = NULL; + i--; + } + } +} + + int BoundingBoxManager::initCollisionCandidates() { currentCandidate = 0; diff -ur blobAndConquer-0.90/src/3d/CBoundingBoxManager.h blobAndConquer-0.90/src/3d/CBoundingBoxManager.h --- blobAndConquer-0.90/src/3d/CBoundingBoxManager.h 2006-08-25 15:44:05.000000000 -0400 +++ blobAndConquer-0.90/src/3d/CBoundingBoxManager.h 2007-05-11 17:47:13.000000000 -0400 @@ -60,6 +60,7 @@ void addBox(Entity *entity); void removeBox(Entity *entity); + void destroyBox(Entity *entity); int initCollisionCandidates(Entity *entity1); int initCollisionCandidates(Entity *entity1, Entity *entity2); # # The lightmapCoord, indices, textureCoord, and position are allocated # using malloc. They need to be freed instead of deleted. # diff -ur blobAndConquer-0.90/src/3d/CMDLModel.cpp blobAndConquer-0.90/src/3d/CMDLModel.cpp --- blobAndConquer-0.90/src/3d/CMDLModel.cpp 2006-07-29 17:28:05.000000000 -0400 +++ blobAndConquer-0.90/src/3d/CMDLModel.cpp 2007-05-11 22:32:22.000000000 -0400 @@ -34,21 +34,21 @@ { if (lightmapCoord != NULL) { - delete lightmapCoord; + free(lightmapCoord); } if (indices != NULL) { - delete indices; + free(indices); } if (textureCoord != NULL) { - delete textureCoord; + free(textureCoord); } if (position != NULL) { - delete position; + free(position); } } # # z is never initialized in this function. Not sure what it should be. # diff -ur blobAndConquer-0.90/src/entities/bioMechBlobs.cpp blobAndConquer-0.90/src/entities/bioMechBlobs.cpp --- blobAndConquer-0.90/src/entities/bioMechBlobs.cpp 2006-11-12 17:53:03.000000000 -0500 +++ blobAndConquer-0.90/src/entities/bioMechBlobs.cpp 2007-05-13 19:18:49.000000000 -0400 @@ -463,6 +463,7 @@ x = Math::rrand(-25, 25); y = Math::rrand(-25, 25); + z = 0; x *= 0.01; y *= 0.01; # # Remove unit from bbManager before destroying it. # diff -ur blobAndConquer-0.90/src/entities/blobs.cpp blobAndConquer-0.90/src/entities/blobs.cpp --- blobAndConquer-0.90/src/entities/blobs.cpp 2007-05-03 15:59:23.000000000 -0400 +++ blobAndConquer-0.90/src/entities/blobs.cpp 2007-05-11 17:43:16.000000000 -0400 @@ -1330,6 +1330,7 @@ { if (!unit->referenced) { + bbManager->destroyBox(unit); unit = (Unit*)unit->previous; entityManager->blobList.remove(unit->next); } # # Remove unit from bbManager before freeing it. Do not change the # referenced flag after it has been freed. # diff -ur blobAndConquer-0.90/src/entities/bosses.cpp blobAndConquer-0.90/src/entities/bosses.cpp --- blobAndConquer-0.90/src/entities/bosses.cpp 2007-04-25 18:27:42.000000000 -0400 +++ blobAndConquer-0.90/src/entities/bosses.cpp 2007-05-11 17:44:52.000000000 -0400 @@ -366,11 +366,14 @@ if (!boss->referenced) { + bbManager->destroyBox(boss); boss = (Boss*)boss->previous; entityManager->bossList.remove(boss->next); } - - boss->referenced = false; + else + { + boss->referenced = false; + } continue; } # # Remove bullet from bbManager before freeing it. # diff -ur blobAndConquer-0.90/src/entities/bullets.cpp blobAndConquer-0.90/src/entities/bullets.cpp --- blobAndConquer-0.90/src/entities/bullets.cpp 2007-04-29 11:20:24.000000000 -0400 +++ blobAndConquer-0.90/src/entities/bullets.cpp 2007-05-11 17:40:15.000000000 -0400 @@ -1375,6 +1375,7 @@ bullet->die(); } + bbManager->destroyBox(bullet); bullet = (Bullet*)bullet->previous; entityManager->bulletList.remove(bullet->next); continue; # # When an enemy dies, reset player->target so it doesn't point at the # freed enemy. Don't set unit->referenced if the unit was freed. # diff -ur blobAndConquer-0.90/src/entities/enemy.cpp blobAndConquer-0.90/src/entities/enemy.cpp --- blobAndConquer-0.90/src/entities/enemy.cpp 2007-04-24 03:32:01.000000000 -0400 +++ blobAndConquer-0.90/src/entities/enemy.cpp 2007-05-11 18:27:58.000000000 -0400 @@ -359,6 +359,12 @@ { if (!unit->referenced) { + if(player->target == unit) + { + player->target = NULL; + } + + bbManager->destroyBox(unit); unit = (Unit*)unit->previous; entityManager->enemyList.remove(unit->next); @@ -369,8 +375,11 @@ continue; } + else + { + unit->referenced = false; + } - unit->referenced = false; continue; } else if (!(unit->flags & EF_DYING)) # # Remove item from bbManager before freeing it. # diff -ur blobAndConquer-0.90/src/entities/items.cpp blobAndConquer-0.90/src/entities/items.cpp --- blobAndConquer-0.90/src/entities/items.cpp 2007-05-05 04:22:42.000000000 -0400 +++ blobAndConquer-0.90/src/entities/items.cpp 2007-05-11 17:40:53.000000000 -0400 @@ -929,6 +929,7 @@ if (item->health <= 0) { debug(("Removing Item '%s'\n", item->definition->getName())); + bbManager->destroyBox(item); item = (Entity*)item->previous; list->remove(item->next); continue; # # Remove entity from bbManager before freeing it. Don't set # self->referenced if self was freed. # diff -ur blobAndConquer-0.90/src/entities/structures.cpp blobAndConquer-0.90/src/entities/structures.cpp --- blobAndConquer-0.90/src/entities/structures.cpp 2007-04-25 18:27:42.000000000 -0400 +++ blobAndConquer-0.90/src/entities/structures.cpp 2007-05-11 17:45:53.000000000 -0400 @@ -1192,11 +1192,14 @@ { if (!self->referenced) { + bbManager->destroyBox(entity); entity = (Entity*)entity->previous; entityManager->structureList.remove(entity->next); } - - self->referenced = false; + else + { + self->referenced = false; + } continue; } # # "%.2d%.2d.%.2d" is going to use at least 7 bytes plus one for the # string terminator. # diff -ur blobAndConquer-0.90/src/hud/controlPanel.cpp blobAndConquer-0.90/src/hud/controlPanel.cpp --- blobAndConquer-0.90/src/hud/controlPanel.cpp 2007-05-04 03:14:36.000000000 -0400 +++ blobAndConquer-0.90/src/hud/controlPanel.cpp 2007-05-13 17:01:46.000000000 -0400 @@ -497,7 +497,7 @@ void drawMessages() { - static char time[5]; + static char time[8]; static String s; Texture *t; # # Multiple places try to do strtok on the result of loadData. Once # they've read in all the data, they do a final strtok which runs past # the end of the string and may corrupt memory. So padd the dataBuffer # with a string terminator here. # diff -ur blobAndConquer-0.90/src/system/CEngine.cpp blobAndConquer-0.90/src/system/CEngine.cpp --- blobAndConquer-0.90/src/system/CEngine.cpp 2007-04-24 03:32:01.000000000 -0400 +++ blobAndConquer-0.90/src/system/CEngine.cpp 2007-05-11 16:11:38.000000000 -0400 @@ -365,8 +365,9 @@ fseek(fp, 0, SEEK_END); lastReadDataSize = ftell(fp); rewind(fp); - dataBuffer = new unsigned char[lastReadDataSize]; + dataBuffer = new unsigned char[lastReadDataSize+1]; fread(dataBuffer, 1, lastReadDataSize, fp); + dataBuffer[lastReadDataSize] = 0; fclose(fp); debug(("loadData() : Loaded %s (%d)\n", pak->getFileName(), lastReadDataSize)); return true; # # Don't use wordSurface after SDL_FreedSurface has been called on it. # Save the height in a local. # diff -ur blobAndConquer-0.90/src/system/CGraphics.cpp blobAndConquer-0.90/src/system/CGraphics.cpp --- blobAndConquer-0.90/src/system/CGraphics.cpp 2007-05-04 03:14:36.000000000 -0400 +++ blobAndConquer-0.90/src/system/CGraphics.cpp 2007-05-11 22:02:49.000000000 -0400 @@ -767,6 +767,8 @@ SDL_Surface *wordSurface; + int wordSurfaceHeight = 0; + while (word) { sprintf(wordWithSpace, "%s ", word); @@ -781,15 +783,17 @@ blit(wordSurface, x, y, surface, false); - SDL_FreeSurface(wordSurface); - x += wordSurface->w; textWidth = max(x, textWidth); word = strtok(NULL, " "); + + wordSurfaceHeight = wordSurface->h; + + SDL_FreeSurface(wordSurface); } - textHeight = y + wordSurface->h; + textHeight = y + wordSurfaceHeight; } void Graphics::drawRect(int x, int y, int w, int h, GLColor color, bool transparent)