fix CTD when LuaSEXP evaluates a subsystem on an absent ship#7496
Merged
Conversation
The OPF_SUBSYSTEM argument-conversion path in LuaSEXP only verified has_shipp() before calling ship_entry->objp(). A ship registry entry retains its shipnum after the ship is destroyed or departed, but its objnum is reset to -1, so objp() either asserts (debug) or dereferences Objects[-1] (release) when the entry is looked up by Lua scripting during, for example, an OnMissionAboutToEnd hook. Tighten the check to has_objp() so absent ships short-circuit to an empty handle, and correct the early-return type from l_Ship to l_Subsystem. Apply the matching type correction to OPF_DOCKER_POINT, which has the same return-type mismatch but no CTD because it never dereferences objp(). Fixes scp-fs2open#7206. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Goober5000
added
fix
JohnAFernandez
approved these changes
Jun 3, 2026
BMagnu
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The OPF_SUBSYSTEM argument-conversion path in LuaSEXP only verified has_shipp() before calling ship_entry->objp(). A ship registry entry retains its shipnum after the ship is destroyed or departed, but its objnum is reset to -1, so objp() either asserts (debug) or dereferences Objects[-1] (release) when the entry is looked up by Lua scripting during, for example, an OnMissionAboutToEnd hook.
Tighten the check to has_objp() so absent ships short-circuit to an empty handle, and correct the early-return type from l_Ship to l_Subsystem. Apply the matching type correction to OPF_DOCKER_POINT, which has the same return-type mismatch but no CTD because it never dereferences objp().
Fixes #7206.