From 61a89c24a08fce69db37f331d524a22aaeb82865 Mon Sep 17 00:00:00 2001
From: divverent
Date: Sun, 29 Apr 2012 15:49:56 +0000
Subject: [PATCH] fix a stupid overrun in OP_DONE/OP_RETURN when trying to return one of the last two globals

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@11813 d7cf8633-e32d-0410-b094-e92efae38249
---
 prvm_edict.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/prvm_edict.c b/prvm_edict.c
index 307f3129..30a92618 100644
--- a/prvm_edict.c
+++ b/prvm_edict.c
@@ -1964,7 +1964,10 @@ void PRVM_Prog_Load(prvm_prog_t *prog, const char * filename, int numrequiredfun
 	// we need to expand the globaldefs and fielddefs to include engine defs
 	prog->globaldefs = (ddef_t *)Mem_Alloc(prog->progs_mempool, (prog->progs_numglobaldefs + numrequiredglobals) * sizeof(ddef_t));
-	prog->globals.fp = (prvm_vec_t *)Mem_Alloc(prog->progs_mempool, (prog->progs_numglobals + requiredglobalspace) * sizeof(prvm_vec_t));
+	prog->globals.fp = (prvm_vec_t *)Mem_Alloc(prog->progs_mempool, (prog->progs_numglobals + requiredglobalspace + 2) * sizeof(prvm_vec_t));
+	// + 2 is because of an otherwise occurring overrun in RETURN instruction
+	// when trying to return the last or second-last global
+	// (RETURN always returns a vector, there is no RETURN_F instruction)
 	prog->fielddefs = (ddef_t *)Mem_Alloc(prog->progs_mempool, (prog->progs_numfielddefs + numrequiredfields) * sizeof(ddef_t));
 	// we need to convert the statements to our memory format
 	prog->statements = (mstatement_t *)Mem_Alloc(prog->progs_mempool, prog->progs_numstatements * sizeof(mstatement_t));
-- 
2.39.2
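Review bot: The `+ 2` on the new `prog->globals.fp` allocation pads the buffer so a three-component read from the last or second-last global index stays inside the allocation, but it is a bare magic number whose meaning lives only in the trailing comment; a named constant such as `enum { PRVM_RETURN_VECTOR_PAD = 2 };` used as `(prog->progs_numglobals + requiredglobalspace + PRVM_RETURN_VECTOR_PAD) * sizeof(prvm_vec_t)` would tie the two together, and the explanatory comment reads better placed above the allocation it justifies. The padding masks the over-read for OP_DONE/OP_RETURN only; if the operand validation later in PRVM_Prog_Load does not already reject vector-typed operands whose index plus two reaches `progs_numglobals`, the same out-of-bounds read presumably remains for other vector instructions fed by an untrusted progs file, and a load-time range check on the operand would be the stronger fix than enlarging the buffer. Whether the two extra slots are zero-initialised depends on Mem_Alloc, which is not visible here; if it does not clear memory, the returned vector would expose uninitialised heap contents to the VM. PRVM_Prog_Load starts and ends outside the hunk.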