[MP/SP] Increase MAX_ANIM_FILES from 16 to 64, add MAX_ANIM_EVENT_FILES

dpiers · dpiers · commit 4fe24b38d9a5 · 2025-12-04T11:17:33.000-08:00
Fixes #817 - spawning more than 16 different NPC types causes a crash due to out-of-bounds array access in bgAllEvents[]. Split limits into MAX_ANIM_FILES (64) for animation skeletons and MAX_ANIM_EVENT_FILES (128) for event files, since multiple models can share a skeleton while having unique animevents.cfg files. Add bounds checking in BG_ParseAnimationEvtFile and BG_AnimsetAlloc to prevent out-of-bounds access if limits are exceeded.
diff --git a/code/game/bg_public.h b/code/game/bg_public.h
@@ -486,7 +486,7 @@ class animation_t
 	}
 }; // animation_t
 
-#define MAX_ANIM_FILES	16
+#define MAX_ANIM_FILES	64
 #define MAX_ANIM_EVENTS 300
 
 //size of Anim eventData array...
diff --git a/codemp/game/bg_panimate.c b/codemp/game/bg_panimate.c
@@ -1710,6 +1710,11 @@ void BG_ClearAnimsets(void)
 animation_t *BG_AnimsetAlloc(void)
 {
 	assert (bgNumAllAnims < MAX_ANIM_FILES);
+	if (bgNumAllAnims >= MAX_ANIM_FILES)
+	{
+		Com_Printf(S_COLOR_YELLOW "BG_AnimsetAlloc: MAX_ANIM_FILES reached (%d)\n", MAX_ANIM_FILES);
+		return NULL;
+	}
 	bgAllAnims[bgNumAllAnims].anims = (animation_t *) BG_Alloc(sizeof(animation_t)*MAX_TOTALANIMATIONS);
 
 	return bgAllAnims[bgNumAllAnims].anims;
@@ -2129,7 +2134,7 @@ This file's presence is not required
 
 ======================
 */
-bgLoadedEvents_t bgAllEvents[MAX_ANIM_FILES];
+bgLoadedEvents_t bgAllEvents[MAX_ANIM_EVENT_FILES];
 int bgNumAnimEvents = 1;
 static int bg_animParseIncluding = 0;
 int BG_ParseAnimationEvtFile( const char *as_filename, int animFileIndex, int eventFileIndex )
@@ -2148,7 +2153,7 @@ int BG_ParseAnimationEvtFile( const char *as_filename, int animFileIndex, int ev
 	int				forcedIndex;
 
 	assert(animFileIndex < MAX_ANIM_FILES);
-	assert(eventFileIndex < MAX_ANIM_FILES);
+	assert(eventFileIndex < MAX_ANIM_EVENT_FILES);
 
 	if (eventFileIndex == -1)
 	{
@@ -2159,6 +2164,12 @@ int BG_ParseAnimationEvtFile( const char *as_filename, int animFileIndex, int ev
 		forcedIndex = eventFileIndex;
 	}
 
+	if (forcedIndex >= MAX_ANIM_EVENT_FILES)
+	{
+		Com_Printf(S_COLOR_YELLOW "BG_ParseAnimationEvtFile: MAX_ANIM_EVENT_FILES reached (%d), using index 0 for %s\n", MAX_ANIM_EVENT_FILES, as_filename);
+		return 0;
+	}
+
 	if (bg_animParseIncluding <= 0)
 	{ //if we should be parsing an included file, skip this part
 		if ( bgAllEvents[forcedIndex].eventsParsed )
diff --git a/codemp/game/bg_public.h b/codemp/game/bg_public.h
@@ -321,7 +321,8 @@ typedef struct animation_s {
 extern qboolean			BGPAFtextLoaded;
 extern animation_t		bgHumanoidAnimations[MAX_TOTALANIMATIONS];
 
-#define MAX_ANIM_FILES	16
+#define MAX_ANIM_FILES	64
+#define MAX_ANIM_EVENT_FILES	128
 #define MAX_ANIM_EVENTS 300
 
 typedef enum
@@ -417,7 +418,7 @@ extern bgLoadedAnim_t bgAllAnims[MAX_ANIM_FILES];
 //On the bright side this also means we're cutting a rather large size out of
 //required game-side memory.
 #ifndef _GAME
-extern bgLoadedEvents_t bgAllEvents[MAX_ANIM_FILES];
+extern bgLoadedEvents_t bgAllEvents[MAX_ANIM_EVENT_FILES];
 extern int bgNumAnimEvents;
 #endif
 

Original file line number	Diff line number	Diff line change
`@@ -486,7 +486,7 @@ class animation_t`
`486`	`486`	`}`
`487`	`487`	`}; // animation_t`
`488`	`488`
`489`		`-#define MAX_ANIM_FILES 16`
	`489`	`+#define MAX_ANIM_FILES 64`
`490`	`490`	`#define MAX_ANIM_EVENTS 300`
`491`	`491`
`492`	`492`	`//size of Anim eventData array...`