From 81e7dafb945ceb4c6009a35c629b022a78b296fa Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Fri, 7 Nov 2014 10:23:16 -0500 Subject: [PATCH 01/15] Fix delete of malloc'ed memory --- Engine/source/console/consoleInternal.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Engine/source/console/consoleInternal.cpp b/Engine/source/console/consoleInternal.cpp index f8f4eb046..fc27b4ff7 100644 --- a/Engine/source/console/consoleInternal.cpp +++ b/Engine/source/console/consoleInternal.cpp @@ -880,7 +880,7 @@ void Namespace::Entry::clear() // Clean up usage strings generated for script functions. if( ( mType == Namespace::Entry::ConsoleFunctionType ) && mUsage ) { - delete mUsage; + dFree(mUsage); mUsage = NULL; } } @@ -906,7 +906,7 @@ Namespace::~Namespace() clearEntries(); if( mUsage && mCleanUpUsage ) { - delete mUsage; + dFree(mUsage); mUsage = NULL; mCleanUpUsage = false; } From 2fc1ac48161fc72fdd11471b424db56652057c1b Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Fri, 7 Nov 2014 10:25:10 -0500 Subject: [PATCH 02/15] Fix uninit vars in gui --- Engine/source/gui/containers/guiRolloutCtrl.cpp | 5 +++++ Engine/source/gui/containers/guiScrollCtrl.cpp | 5 +++-- Engine/source/gui/containers/guiWindowCtrl.cpp | 2 +- Engine/source/gui/core/guiCanvas.cpp | 3 +++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Engine/source/gui/containers/guiRolloutCtrl.cpp b/Engine/source/gui/containers/guiRolloutCtrl.cpp index 9044a1aaf..919846b66 100644 --- a/Engine/source/gui/containers/guiRolloutCtrl.cpp +++ b/Engine/source/gui/containers/guiRolloutCtrl.cpp @@ -56,6 +56,10 @@ IMPLEMENT_CALLBACK( GuiRolloutCtrl, onCollapsed, void, (), (), //----------------------------------------------------------------------------- GuiRolloutCtrl::GuiRolloutCtrl() + : mHeader(0,0,0,0), + mExpanded(0,0,0,0), + mChildRect(0,0,0,0), + mMargin(0,0,0,0) { mExpanded.set(0,0,200,60); mCaption = StringTable->EmptyString(); 
@@ -70,6 +74,7 @@ GuiRolloutCtrl::GuiRolloutCtrl() mIsContainer = true; mCanCollapse = true; mAutoCollapseSiblings = false; + mHasTexture = false; // Make sure we receive our ticks. setProcessTicks(); } diff --git a/Engine/source/gui/containers/guiScrollCtrl.cpp b/Engine/source/gui/containers/guiScrollCtrl.cpp index c32e9e2a6..91e86a770 100644 --- a/Engine/source/gui/containers/guiScrollCtrl.cpp +++ b/Engine/source/gui/containers/guiScrollCtrl.cpp @@ -72,8 +72,9 @@ GuiScrollCtrl::GuiScrollCtrl() mAnimating( false ), mScrollAnimSpeed( -1 ), mScrollTargetPos( -1, -1 ), - mChildExt(0, 0), - mChildPos(0, 0) + mChildExt(0, 0), + mChildPos(0, 0), + mBaseThumbSize(0) { mIsContainer = true; setExtent(200,200); diff --git a/Engine/source/gui/containers/guiWindowCtrl.cpp b/Engine/source/gui/containers/guiWindowCtrl.cpp index 0132a75d6..e98c07652 100644 --- a/Engine/source/gui/containers/guiWindowCtrl.cpp +++ b/Engine/source/gui/containers/guiWindowCtrl.cpp @@ -98,10 +98,10 @@ GuiWindowCtrl::GuiWindowCtrl() mMouseMovingWin = false; mMouseResizeWidth = false; mMouseResizeHeight = false; - setExtent(100, 200); mMinimizeIndex = -1; mTabIndex = -1; mBitmapBounds = NULL; + setExtent(100, 200); RectI closeRect(80, 2, 16, 16); mCloseButton = closeRect; diff --git a/Engine/source/gui/core/guiCanvas.cpp b/Engine/source/gui/core/guiCanvas.cpp index ef7bf3630..6e3a5a3a7 100644 --- a/Engine/source/gui/core/guiCanvas.cpp +++ b/Engine/source/gui/core/guiCanvas.cpp @@ -94,9 +94,11 @@ extern InputModifiers convertModifierBits(const U32 in); //----------------------------------------------------------------------------- GuiCanvas::GuiCanvas(): GuiControl(), + mCurUpdateRect(0, 0, 0, 0), mCursorEnabled(true), mForceMouseToGUI(false), mAlwaysHandleMouseButtons(false), + mCursorChanged(0), mClampTorqueCursor(true), mShowCursor(true), mLastCursorEnabled(false), 
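Review bot: In guiWindowCtrl.cpp the move of `setExtent(100, 200);` below the `mMinimizeIndex`, `mTabIndex` and `mBitmapBounds` assignments is order-dependent, and nothing in the constructor says so. Presumably setExtent() reaches code that reads those members, which is why calling it first counted as an uninitialised read; a later tidy-up could move it back without anyone noticing. A comment directly above the call, such as `// Must follow the member initialisation above: setExtent() may read these members.`, would record the constraint. The constructor body starts and continues outside the hunk.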
@@ -120,6 +122,7 @@ GuiCanvas::GuiCanvas(): GuiControl(), mLeftMouseLast(false), mMiddleMouseLast(false), mRightMouseLast(false), + mMouseDownPoint(0.0f,0.0f), mPlatformWindow(NULL), mLastRenderMs(0), mDisplayWindow(true) From d4b4320f45226eb0ca076f13630e00925cee951c Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Fri, 7 Nov 2014 10:28:01 -0500 Subject: [PATCH 03/15] More uninitialized variables --- Engine/source/sfx/openal/sfxALDevice.cpp | 3 ++- Engine/source/windowManager/platformWindow.h | 12 ++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Engine/source/sfx/openal/sfxALDevice.cpp b/Engine/source/sfx/openal/sfxALDevice.cpp index f2e00356c..66929876b 100644 --- a/Engine/source/sfx/openal/sfxALDevice.cpp +++ b/Engine/source/sfx/openal/sfxALDevice.cpp @@ -35,7 +35,8 @@ SFXALDevice::SFXALDevice( SFXProvider *provider, : Parent( name, provider, useHardware, maxBuffers ), mOpenAL( openal ), mDevice( NULL ), - mContext( NULL ) + mContext( NULL ), + mRolloffFactor( 1.0f ) { mMaxBuffers = getMax( maxBuffers, 8 ); diff --git a/Engine/source/windowManager/platformWindow.h b/Engine/source/windowManager/platformWindow.h index 680e8b12b..e2af67c42 100644 --- a/Engine/source/windowManager/platformWindow.h +++ b/Engine/source/windowManager/platformWindow.h @@ -98,17 +98,17 @@ protected: { mIsBackground = false; // This could be toggled to true to prefer performance. mMinimumSize.set(0,0); - mLockedSize.set(0,0); - mResizeLocked = false; + mLockedSize.set(0,0); + mResizeLocked = false; mEnableKeyboardTranslation = false; mEnableAccelerators = true; mCursorController = NULL; - // This controller maps window input (Mouse/Keyboard) to a generic input consumer - mWindowInputGenerator = new WindowInputGenerator( this ); mSuppressReset = false; - mOffscreenRender = false; mDisplayWindow = false; + + // This controller maps window input (Mouse/Keyboard) to a generic input consumer + mWindowInputGenerator = new WindowInputGenerator( this ); } public: 
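Review bot: In platformWindow.h the constructor passes `this` to `new WindowInputGenerator( this )` while the window is still being constructed, and the hunk makes that safe only by position: the call now sits after every member assignment shown. That ordering should be written down, for example by extending the existing comment with `// Keep last: the generator receives 'this', so every member above must already be initialised.` The hunk does not show a destructor releasing `mWindowInputGenerator`, which appears to be a raw owning pointer, so that is worth confirming. The constructor's signature is outside the hunk.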
@@ -498,4 +498,4 @@ protected: virtual void _setFullscreen(const bool fullScreen) {}; }; -#endif \ No newline at end of file +#endif From a10e6e99d40721ea7cacab1c340f2d81b27770d4 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Mon, 10 Nov 2014 11:42:49 -0500 Subject: [PATCH 04/15] Fix read past end of array --- Engine/source/core/strings/unicode.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Engine/source/core/strings/unicode.cpp b/Engine/source/core/strings/unicode.cpp index b6c915e05..0dee6f3ef 100644 --- a/Engine/source/core/strings/unicode.cpp +++ b/Engine/source/core/strings/unicode.cpp @@ -601,10 +601,13 @@ bool chompUTF8BOM( const char *inString, char **outStringPtr ) { *outStringPtr = const_cast( inString ); - U8 bom[4]; - dMemcpy( bom, inString, 4 ); - - bool valid = isValidUTF8BOM( bom ); + bool valid = false; + if (inString[0] && inString[1] && inString[2]) + { + U8 bom[4]; + dMemcpy(bom, inString, 4); + valid = isValidUTF8BOM(bom); + } // This is hackey, but I am not sure the best way to do it at the present. // The only valid BOM is a UTF8 BOM, which is 3 bytes, even though we read From d97d44f66fa1d07caaa51e855c121d3016543300 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Mon, 10 Nov 2014 11:50:46 -0500 Subject: [PATCH 05/15] Fix more misc uninitialized vars --- Engine/source/T3D/gameBase/gameConnection.cpp | 2 ++ Engine/source/core/dnet.cpp | 1 + Engine/source/platformWin32/menus/popupMenuWin32.cpp | 4 ++-- Engine/source/sim/netConnection.cpp | 1 + Engine/source/util/settings.h | 5 ++++- 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Engine/source/T3D/gameBase/gameConnection.cpp b/Engine/source/T3D/gameBase/gameConnection.cpp index 5888ec218..4c5eef912 100644 --- a/Engine/source/T3D/gameBase/gameConnection.cpp +++ b/Engine/source/T3D/gameBase/gameConnection.cpp @@ -208,6 +208,8 @@ GameConnection::GameConnection() mAIControlled = false; + mLastPacketTime = 0; + mDisconnectReason[0] = 0; //blackout vars 
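Review bot: The new guard in chompUTF8BOM() (unicode.cpp) makes the 4-byte `dMemcpy` safe only by an argument that is not written down: three non-zero bytes guarantee that index 3 is at worst the terminator. Either add a comment above the `if`, e.g. `// Three non-NUL bytes mean inString[3] exists (possibly the terminator), so the 4-byte copy stays in bounds.`, or copy only the three BOM bytes and set `bom[3] = 0;` if isValidUTF8BOM() does not look at the fourth byte (not visible here). `inString` itself is still dereferenced without a null check, so if callers can pass NULL an early return is needed before `inString[0]`. The function continues past the end of the hunk.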
diff --git a/Engine/source/core/dnet.cpp b/Engine/source/core/dnet.cpp index 324a9fcfd..b850bf5fd 100644 --- a/Engine/source/core/dnet.cpp +++ b/Engine/source/core/dnet.cpp @@ -66,6 +66,7 @@ ConnectionProtocol::ConnectionProtocol() mLastSendSeq = 0; // start sending at 1 mAckMask = 0; mLastRecvAckAck = 0; + mConnectionEstablished = false; } void ConnectionProtocol::buildSendPacketHeader(BitStream *stream, S32 packetType) { diff --git a/Engine/source/platformWin32/menus/popupMenuWin32.cpp b/Engine/source/platformWin32/menus/popupMenuWin32.cpp index f04ae1b58..883e2c0c3 100644 --- a/Engine/source/platformWin32/menus/popupMenuWin32.cpp +++ b/Engine/source/platformWin32/menus/popupMenuWin32.cpp @@ -158,7 +158,7 @@ void PopupMenu::createPlatformMenu() mData->mMenu = mIsPopup ? CreatePopupMenu() : CreateMenu(); AssertFatal(mData->mMenu, "Unable to create menu"); - MENUINFO mi; + MENUINFO mi = { 0 }; mi.cbSize = sizeof(mi); mi.fMask = MIM_MENUDATA; mi.dwMenuData = (ULONG_PTR)this; @@ -176,7 +176,7 @@ S32 PopupMenu::insertItem(S32 pos, const char *title, const char* accelerator) if(isAttached && pWindow == NULL) return -1; - MENUITEMINFOA mi; + MENUITEMINFOA mi = { 0 }; mi.cbSize = sizeof(mi); mi.fMask = MIIM_ID|MIIM_TYPE; mi.wID = (mData->mMenuID * PlatformPopupMenuData::PopupMenuIDRange) + mData->mLastID + 1; diff --git a/Engine/source/sim/netConnection.cpp b/Engine/source/sim/netConnection.cpp index a34265e48..e882ef869 100644 --- a/Engine/source/sim/netConnection.cpp +++ b/Engine/source/sim/netConnection.cpp @@ -351,6 +351,7 @@ void NetConnection::setNetClassGroup(U32 grp) } NetConnection::NetConnection() + : mNetAddress() { mTranslateStrings = false; mConnectSequence = 0; diff --git a/Engine/source/util/settings.h b/Engine/source/util/settings.h index 2438504ac..10fe2305c 100644 --- a/Engine/source/util/settings.h +++ b/Engine/source/util/settings.h 
@@ -78,7 +78,10 @@ public: String mValue; bool mIsGroup; - SettingSaveNode(){}; + SettingSaveNode() + { + mIsGroup = false; + } SettingSaveNode(const String &name, bool isGroup = false) { mName = name; From c50c88d071a6e4695fa2248c8e37665300437622 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Tue, 11 Nov 2014 15:14:47 -0500 Subject: [PATCH 06/15] Fix use-after-delete errors --- Engine/source/T3D/shapeImage.cpp | 4 ++-- Engine/source/ts/collada/colladaLights.cpp | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Engine/source/T3D/shapeImage.cpp b/Engine/source/T3D/shapeImage.cpp index 548984ca8..9a31a87c9 100644 --- a/Engine/source/T3D/shapeImage.cpp +++ b/Engine/source/T3D/shapeImage.cpp @@ -3339,6 +3339,6 @@ void ShapeBase::ejectShellCasing( U32 imageSlot ) if (!casing->registerObject()) delete casing; - - casing->init( shellPos, shellVel ); + else + casing->init( shellPos, shellVel ); } diff --git a/Engine/source/ts/collada/colladaLights.cpp b/Engine/source/ts/collada/colladaLights.cpp index b906ecd03..a1d22cd84 100644 --- a/Engine/source/ts/collada/colladaLights.cpp +++ b/Engine/source/ts/collada/colladaLights.cpp @@ -128,8 +128,7 @@ static void processNodeLights(AppNode* appNode, const MatrixF& offset, SimGroup* Con::errorf(ConsoleLogEntry::General, "Failed to register light for \"%s\"", lightName.c_str()); delete pLight; } - - if (group) + else if (group) group->addObject(pLight); } From 68b5e7b5176ea4733b689f42185d9091828cfb21 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Tue, 11 Nov 2014 15:15:11 -0500 Subject: [PATCH 07/15] Fix more use-after-delete errors --- Engine/source/environment/decalRoad.cpp | 4 ++-- Engine/source/environment/meshRoad.cpp | 2 +- Engine/source/environment/river.cpp | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Engine/source/environment/decalRoad.cpp b/Engine/source/environment/decalRoad.cpp index 7bd240095..3cde83149 100644 --- a/Engine/source/environment/decalRoad.cpp 
+++ b/Engine/source/environment/decalRoad.cpp @@ -155,8 +155,8 @@ void DecalRoadNodeEvent::padListToSize() newlist->mPositions.merge(list->mPositions); newlist->mWidths.merge(list->mWidths); - mNodeList = newlist; delete list; + mNodeList = list = newlist; } // Pad our list end? @@ -1726,4 +1726,4 @@ DefineEngineMethod( DecalRoad, postApply, void, (),, ) { object->inspectPostApply(); -} \ No newline at end of file +} diff --git a/Engine/source/environment/meshRoad.cpp b/Engine/source/environment/meshRoad.cpp index 453250568..1c6e7a693 100644 --- a/Engine/source/environment/meshRoad.cpp +++ b/Engine/source/environment/meshRoad.cpp @@ -203,8 +203,8 @@ void MeshRoadNodeEvent::padListToSize() newlist->mDepths.merge(list->mDepths); newlist->mNormals.merge(list->mNormals); - mNodeList = newlist; delete list; + mNodeList = list = newlist; } // Pad our list end? diff --git a/Engine/source/environment/river.cpp b/Engine/source/environment/river.cpp index 59a16230f..bf9b9671f 100644 --- a/Engine/source/environment/river.cpp +++ b/Engine/source/environment/river.cpp @@ -227,8 +227,8 @@ void RiverNodeEvent::padListToSize() newlist->mDepths.merge(list->mDepths); newlist->mNormals.merge(list->mNormals); - mNodeList = newlist; delete list; + mNodeList = list = newlist; } // Pad our list end? From dc780ddcae62f8d772bf972ab15a51d3b9434198 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Tue, 11 Nov 2014 15:15:55 -0500 Subject: [PATCH 08/15] Fix use-after-delete --- Engine/source/materials/materialList.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Engine/source/materials/materialList.cpp b/Engine/source/materials/materialList.cpp index fbeab64f3..afdba4f54 100644 --- a/Engine/source/materials/materialList.cpp +++ b/Engine/source/materials/materialList.cpp 
@@ -263,8 +263,6 @@ void MaterialList::clearMatInstList() if (mMatInstList[i]) { BaseMatInstance* current = mMatInstList[i]; - delete current; - mMatInstList[i] = NULL; // ok, since ts material lists can remap difference indexes to the same object // we need to make sure that we don't delete the same memory twice. walk the @@ -272,6 +270,9 @@ void MaterialList::clearMatInstList() for (U32 j=0; j Date: Tue, 11 Nov 2014 15:19:26 -0500 Subject: [PATCH 09/15] Replace obsolete calling convention --- Engine/source/main/main.cpp | 2 +- Engine/source/platformWin32/winWindow.cpp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Engine/source/main/main.cpp b/Engine/source/main/main.cpp index 9728f37ec..f4c4d95e6 100644 --- a/Engine/source/main/main.cpp +++ b/Engine/source/main/main.cpp @@ -49,7 +49,7 @@ bool getDllName(std::wstring& dllName, const std::wstring suffix) return true; } -int PASCAL WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCommandShow) +int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCommandShow) { // Try to find the game DLL, which may have one of several file names. HMODULE hGame = NULL; diff --git a/Engine/source/platformWin32/winWindow.cpp b/Engine/source/platformWin32/winWindow.cpp index 2546f2cbb..bc8e9e48c 100644 --- a/Engine/source/platformWin32/winWindow.cpp +++ b/Engine/source/platformWin32/winWindow.cpp @@ -313,7 +313,7 @@ S32 main(S32 argc, const char **argv) #include "app/mainLoop.h" -S32 PASCAL WinMain( HINSTANCE hInstance, HINSTANCE, LPSTR lpszCmdLine, S32) +S32 WINAPI WinMain( HINSTANCE hInstance, HINSTANCE, LPSTR lpszCmdLine, S32) { Vector argv( __FILE__, __LINE__ ); @@ -619,4 +619,4 @@ ConsoleFunction( isKoreanBuild, bool, 1, 1, "isKoreanBuild()" ) } return( result ); -} \ No newline at end of file +} From dd297d4dc02eb7f0ee1bd76544c4a3d7d089f0d7 Mon Sep 17 00:00:00 2001 
From: Ben Payne Date: Tue, 11 Nov 2014 15:19:52 -0500 Subject: [PATCH 10/15] Fix buffer overflow --- Engine/source/platformWin32/winWindow.cpp | 26 ++++++++++++----------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/Engine/source/platformWin32/winWindow.cpp b/Engine/source/platformWin32/winWindow.cpp index bc8e9e48c..23f52074e 100644 --- a/Engine/source/platformWin32/winWindow.cpp +++ b/Engine/source/platformWin32/winWindow.cpp @@ -317,15 +317,16 @@ S32 WINAPI WinMain( HINSTANCE hInstance, HINSTANCE, LPSTR lpszCmdLine, S32) { Vector argv( __FILE__, __LINE__ ); - char moduleName[256]; + enum { moduleNameSize = 256 }; + char moduleName[moduleNameSize]; #ifdef TORQUE_UNICODE { - TCHAR buf[ 256 ]; - GetModuleFileNameW( NULL, buf, sizeof( buf ) ); - convertUTF16toUTF8( buf, moduleName, sizeof( moduleName ) ); + TCHAR buf[ moduleNameSize ]; + GetModuleFileNameW( NULL, buf, moduleNameSize ); + convertUTF16toUTF8( buf, moduleName, moduleNameSize ); } #else - GetModuleFileNameA(NULL, moduleName, sizeof(moduleName)); + GetModuleFileNameA(NULL, moduleName, moduleNameSize); #endif argv.push_back(moduleName); @@ -394,15 +395,16 @@ S32 torque_winmain( HINSTANCE hInstance, HINSTANCE, LPSTR lpszCmdLine, S32) { Vector argv( __FILE__, __LINE__ ); - char moduleName[256]; + enum { moduleNameSize = 256 }; + char moduleName[moduleNameSize]; #ifdef TORQUE_UNICODE - { - TCHAR buf[ 256 ]; - GetModuleFileNameW( NULL, buf, sizeof( buf ) ); - convertUTF16toUTF8( buf, moduleName, sizeof( moduleName ) ); -} + { + TCHAR buf[ moduleNameSize ]; + GetModuleFileNameW( NULL, buf, moduleNameSize ); + convertUTF16toUTF8( buf, moduleName, moduleNameSize ); + } #else - GetModuleFileNameA(NULL, moduleName, sizeof(moduleName)); + GetModuleFileNameA(NULL, moduleName, moduleNameSize); #endif argv.push_back(moduleName); From 50238fb2ace2f124dedc443f885dee7aa835aae3 Mon Sep 17 00:00:00 2001 
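Review bot: The return value of `GetModuleFileNameW` / `GetModuleFileNameA` is still ignored in both WinMain() (hunk at -317) and torque_winmain() (hunk at -394) of winWindow.cpp. On failure the call returns 0 and leaves the buffer unwritten, so `convertUTF16toUTF8` and `argv.push_back(moduleName)` would read uninitialised stack; when the path does not fit it returns the buffer size with a truncated path, which older Windows versions do not null-terminate. Check the result before use, e.g. `DWORD n = GetModuleFileNameW( NULL, buf, moduleNameSize ); if( n == 0 || n >= moduleNameSize ) buf[0] = 0;`, and do the same for the ANSI branch. Separately, 256 UTF-16 units can need more than 256 UTF-8 bytes, so `moduleName` may be cut short by the conversion even when `buf` is complete, assuming convertUTF16toUTF8 honours the length it is given.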
From: Ben Payne Date: Tue, 18 Nov 2014 17:47:59 -0500 Subject: [PATCH 11/15] Casts are stronger than necessary --- Engine/source/core/util/str.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Engine/source/core/util/str.cpp b/Engine/source/core/util/str.cpp index 36b0637de..d01af6279 100644 --- a/Engine/source/core/util/str.cpp +++ b/Engine/source/core/util/str.cpp @@ -491,7 +491,7 @@ ConsoleFunction( dumpStringMemStats, void, 1, 1, "()" void* String::StringData::operator new( size_t size, U32 len ) { AssertFatal( len != 0, "String::StringData::operator new() - string must not be empty" ); - StringData *str = reinterpret_cast( dMalloc( size + len * sizeof(StringChar) ) ); + StringData *str = static_cast( dMalloc( size + len * sizeof(StringChar) ) ); str->mLength = len; @@ -519,7 +519,7 @@ void String::StringData::operator delete(void *ptr) void* String::StringData::operator new( size_t size, U32 len, DataChunker& chunker ) { AssertFatal( len != 0, "String::StringData::operator new() - string must not be empty" ); - StringData *str = reinterpret_cast( chunker.alloc( size + len * sizeof(StringChar) ) ); + StringData *str = static_cast( chunker.alloc( size + len * sizeof(StringChar) ) ); str->mLength = len; From 98e79f3aec90728ab11f134907f2ffee3e714654 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Thu, 20 Nov 2014 00:35:56 -0500 Subject: [PATCH 12/15] Fix uninitialized member vars --- Engine/source/scene/reflectionManager.cpp | 3 ++- Engine/source/scene/reflector.cpp | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Engine/source/scene/reflectionManager.cpp b/Engine/source/scene/reflectionManager.cpp index 2c86a700f..057c72c0a 100644 --- a/Engine/source/scene/reflectionManager.cpp +++ b/Engine/source/scene/reflectionManager.cpp 
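Review bot: Both `operator new` overloads in str.cpp write `str->mLength = len;` straight after the allocation without checking the pointer returned by `dMalloc` / `chunker.alloc`. If either allocator can return NULL (not visible here) that is a null dereference, and `size + len * sizeof(StringChar)` can wrap for a very large `len` where size_t is 32 bits, presumably yielding a block smaller than the string stored in it. Adding `AssertFatal( str != NULL, "String::StringData::operator new() - allocation failed" );` after each allocation, plus an upper bound on `len` next to the existing `len != 0` assert, would cover both; use a real check instead if asserts are compiled out of release builds. Both function bodies continue outside the hunks.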
@@ -83,7 +83,8 @@ F32 ReflectionManager::smRefractTexScale = 0.5f; ReflectionManager::ReflectionManager() : mUpdateRefract( true ), - mReflectFormat( GFXFormatR8G8B8A8 ) + mReflectFormat( GFXFormatR8G8B8A8 ), + mLastUpdateMs( 0 ) { mTimer = PlatformTimer::create(); diff --git a/Engine/source/scene/reflector.cpp b/Engine/source/scene/reflector.cpp index ab53c2bdd..a992456e2 100644 --- a/Engine/source/scene/reflector.cpp +++ b/Engine/source/scene/reflector.cpp @@ -179,6 +179,8 @@ ReflectorBase::ReflectorBase() mObject = NULL; mOcclusionQuery = GFX->createOcclusionQuery(); mQueryPending = false; + score = 0.0f; + lastUpdateMs = 0; } ReflectorBase::~ReflectorBase() From de7101dec2956785b3de98423058d28f12336f7d Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Thu, 20 Nov 2014 21:34:19 -0500 Subject: [PATCH 13/15] Fix mismatched free Memory was allocated with new on line 304 --- Engine/source/console/compiler.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Engine/source/console/compiler.cpp b/Engine/source/console/compiler.cpp index 49125389f..fd871c036 100644 --- a/Engine/source/console/compiler.cpp +++ b/Engine/source/console/compiler.cpp @@ -400,7 +400,7 @@ void CodeStream::reset() { CodeData *next = itr->next; dFree(itr->data); - dFree(itr); + delete(itr); itr = next; } From cadc390895c544770e7ede52dc11d3bea02cf490 Mon Sep 17 00:00:00 2001 From: Ben Payne Date: Thu, 20 Nov 2014 22:07:27 -0500 Subject: [PATCH 14/15] Fix leaked member var --- Engine/source/gfx/gfxDevice.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/Engine/source/gfx/gfxDevice.cpp b/Engine/source/gfx/gfxDevice.cpp index 47f528d94..35d86d827 100644 --- a/Engine/source/gfx/gfxDevice.cpp +++ b/Engine/source/gfx/gfxDevice.cpp @@ -279,6 +279,7 @@ GFXDevice::~GFXDevice() #endif SAFE_DELETE( mTextureManager ); + SAFE_DELETE( mFrameTime ); // Clear out our state block references mCurrentStateBlocks.clear(); From 8d4679b2b762ba7bd48f54272f861675c5d57a60 Mon Sep 17 00:00:00 2001 
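Review bot: In CodeStream::reset() (compiler.cpp) the loop now releases `itr->data` with `dFree` and the node itself with `delete`, and the only explanation is the commit message's pointer to "line 304", which will drift as the file changes. A comment on the two lines, e.g. `// CodeData nodes are allocated with new; only the data buffer goes through dFree.`, would stop the next reader from changing the asymmetry back. If CodeData can own its buffer and free it in a destructor, the pairing would no longer have to be remembered at each call site, but that is a larger change and the struct is not visible here. The loop header is outside the hunk.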
From: Ben Payne Date: Thu, 11 Dec 2014 20:07:11 -0500 Subject: [PATCH 15/15] Fix potential buffer overflows --- Engine/source/main/main.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Engine/source/main/main.cpp b/Engine/source/main/main.cpp index f4c4d95e6..56bed4ceb 100644 --- a/Engine/source/main/main.cpp +++ b/Engine/source/main/main.cpp @@ -75,10 +75,11 @@ int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdL return -1; } + enum { errorSize = 4096 }; if (!hGame) { - wchar_t error[4096]; - _swprintf_l(error, sizeof(error), L"Unable to load game library: %s. Please make sure it exists and the latest DirectX is installed.", _get_current_locale(), dllName.c_str()); + wchar_t error[errorSize]; + _swprintf_l(error, errorSize, L"Unable to load game library: %s. Please make sure it exists and the latest DirectX is installed.", _get_current_locale(), dllName.c_str()); MessageBoxW(NULL, error, L"Error", MB_OK|MB_ICONWARNING); return -1; } @@ -86,8 +87,8 @@ int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdL torque_winmain = (int (*)(HINSTANCE hInstance, HINSTANCE h, LPSTR lpszCmdLine, int nShow))GetProcAddress(hGame, "torque_winmain"); if (!torque_winmain) { - wchar_t error[4096]; - _swprintf_l(error, sizeof(error), L"Missing torque_winmain export in game library: %s. Please make sure that it exists and the latest DirectX is installed.", _get_current_locale(), dllName.c_str()); + wchar_t error[errorSize]; + _swprintf_l(error, errorSize, L"Missing torque_winmain export in game library: %s. Please make sure that it exists and the latest DirectX is installed.", _get_current_locale(), dllName.c_str()); MessageBoxW(NULL, error, L"Error", MB_OK|MB_ICONWARNING); return -1; }