From 679dfd33437ecb265cbe64d3663d9afe989e63d2 Mon Sep 17 00:00:00 2001
From: sfan5
Date: Wed, 13 Sep 2023 14:40:39 +0200
Subject: [PATCH] Fix CNullDriver::removeTexture() segfault `Textures` is not an one-to-one mapping. Minetest still crashes with this commit but that's because it attempts to double-free a texture. broken by 7298b46504c109b13bab26c32d4b94f6985074d5
---
 source/Irrlicht/CNullDriver.cpp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/source/Irrlicht/CNullDriver.cpp b/source/Irrlicht/CNullDriver.cpp
index 54cfdd7d1..3b3ba11ce 100644
--- a/source/Irrlicht/CNullDriver.cpp
+++ b/source/Irrlicht/CNullDriver.cpp
@@ -286,10 +286,16 @@ void CNullDriver::removeTexture(ITexture* texture)
 SSurface s;
 s.Surface = texture;
- s32 index = Textures.binary_search(s);
- if (index != -1) {
- texture->drop();
- Textures.erase(index);
+ s32 last;
+ s32 first = Textures.binary_search_multi(s, last);
+ if (first == -1)
+ return;
+ for (u32 i = first; i <= (u32)last; i++) {
+ if (Textures[i].Surface == texture) {
+ texture->drop();
+ Textures.erase(i);
+ return;
+ }
 }
 }
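Review bot: Both exits of the new `removeTexture` body that remove nothing (`first == -1`, and the loop ending without a pointer match) return silently, so a repeated removal of the same texture, which is the double-free the commit message says Minetest still triggers, leaves no trace in the log. A warning on those paths, e.g. `os::Printer::log("removeTexture: texture not found in cache", ELL_WARNING);` after the loop and in the `first == -1` branch, would make the caller bug visible instead of hiding it. The search key is also built from the caller's pointer before anything validates it; if the `SSurface` comparison reads through `Surface` (not visible here), a stale pointer would be dereferenced inside `binary_search_multi` before the pointer-equality check can reject it, so that check does not guard against already-freed textures. The start of the function lies outside the hunk, so any null check there is not visible.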