Fix: do not add an offset to a nullptr

This is, by specs, undefined behaviour. See https://reviews.llvm.org/D67122 In cases where this is done, optimizations done by LLVM can generate code that causes crashes. GetVariableAddress() had two (legit) ways this could happen: - For SaveLoad set to global - For SaveLoad set to SLE_VAR_NULL, where sld->address is always a nullptr, and object could or could not be a nullptr.
jostephd · Dec 6, 2020 · c98717c · c98717c
1 parent c558936
commit c98717c
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/src/saveload/saveload.h b/src/saveload/saveload.h
@@ -873,7 +873,18 @@ static inline bool IsNumericType(VarType conv)
  */
 static inline void *GetVariableAddress(const void *object, const SaveLoad *sld)
 {
-	return const_cast<byte *>((const byte*)(sld->global ? nullptr : object) + (ptrdiff_t)sld->address);
+	/* Entry is a global address. */
+	if (sld->global) return sld->address;
+
+	/* Entry is a null-variable, mostly used to read old savegames etc. */
+	if (GetVarMemType(sld->conv) == SLE_VAR_NULL) {
+		assert(sld->address == nullptr);
+		return nullptr;
+	}
+
+	/* Everything else should be a non-null pointer. */
+	assert(object != nullptr);
+	return const_cast<byte *>((const byte *)object + (ptrdiff_t)sld->address);
 }
 
 int64 ReadValue(const void *ptr, VarType conv);