Found this while running gzdoom with the address sanitizer.
Run gzdoom with zdcmp2, open the 'zdcmp2' map and warp to ( -3200, 790).
In that place, if you look around, at a certain point gl_GetFogDensity is called with 'lightlevel' = 256, hence "density=distfogtable[glset.lightmode!=0][lightlevel];" will overflow because distfogtable is of type float[2][256].
[????-g887014c] distfogtable overflow in gl_GetFogDensity
Moderator: Graf Zahl
-
Edward-san
- Developer
- Posts: 197
- Joined: Sun Nov 29, 2009 16:36
-
Graf Zahl
- GZDoom Developer
- Posts: 7148
- Joined: Wed Jul 20, 2005 9:48
- Location: Germany