From 7226fd120e2b2325bfcb313d1ce2b08d1d3c953a Mon Sep 17 00:00:00 2001
From: NepDisk <nepdisk@noreply.codeberg.org>
Date: Thu, 26 Jun 2025 09:57:23 -0400
Subject: [PATCH] I'm never calling you again

This causes buffer overflow sometimes due to not being resized.
---
 src/d_netcmd.c |  8 ++++----
 src/f_finale.c |  2 +-
 src/g_game.c   | 15 ++++++---------
 src/g_game.h   |  2 +-
 src/m_menu.c   |  4 ++--
 5 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/src/d_netcmd.c b/src/d_netcmd.c
index 9c29eb075..f3585db99 100644
--- a/src/d_netcmd.c
+++ b/src/d_netcmd.c
@@ -2815,11 +2815,11 @@ void D_SetupVote(void)
 			hellpick = 1;
 
 		if (i == 2) // sometimes a different gametype
-			m = G_RandMap(G_TOLFlag(secondgt), prevmap, ((secondgt != gametype) ? 2 : 0), 0, true, votebuffer);
+			m = G_RandMap(G_TOLFlag(secondgt), prevmap, ((secondgt != gametype) ? 2 : 0), 0, votebuffer);
 		else if (i >= VOTEROWS) // unknown-random and formerly force-unknown MAP HELL
-			m = G_RandMap(G_TOLFlag(gt), prevmap, 0, hellpick, (i < VOTEROWSADDSONE), votebuffer);
+			m = G_RandMap(G_TOLFlag(gt), prevmap, 0, hellpick, votebuffer);
 		else
-			m = G_RandMap(G_TOLFlag(gt), prevmap, 0, 0, true, votebuffer);
+			m = G_RandMap(G_TOLFlag(gt), prevmap, 0, 0, votebuffer);
 		if (i < VOTEROWS)
 			votebuffer[min(i, 2)] = m; // min() is a dumb workaround for gcc 4.4 array-bounds error
 		WRITEUINT16(p, m);
@@ -3354,7 +3354,7 @@ static void Command_RandomMap(void)
 		oldmapnum = -1;
 	}
 
-	newmapnum = G_RandMap(G_TOLFlag(newgametype), oldmapnum, 0, 0, false, NULL) + 1;
+	newmapnum = G_RandMap(G_TOLFlag(newgametype), oldmapnum, 0, 0, NULL) + 1;
 	D_MapChange(newmapnum, newgametype, newencoremode, newresetplayers, 0, false, false);
 }
 
diff --git a/src/f_finale.c b/src/f_finale.c
index 77ca2fb0c..6f720e28b 100644
--- a/src/f_finale.c
+++ b/src/f_finale.c
@@ -1596,7 +1596,7 @@ void F_TitleScreenTicker(boolean run)
 		// prevent console spam if failed
 		demoIdleLeft = demoIdleTime;
 
-		mapnum = G_RandMap(TOL_RACE, -2, 2, 0, false, NULL);
+		mapnum = G_RandMap(TOL_RACE, -2, 2, 0, NULL);
 		if (mapnum == 0) // gotta have ONE
 		{
 			return;
diff --git a/src/g_game.c b/src/g_game.c
index 4e0b38632..4c1ff172e 100644
--- a/src/g_game.c
+++ b/src/g_game.c
@@ -3778,11 +3778,11 @@ static INT32 TOLMaps(UINT8 pgametype)
   *         has those flags.
   * \author Graue <graue@oceanbase.org>
   */
-static INT16 *okmaps = NULL;
-INT16 G_RandMap(UINT32 tolflags, INT16 pprevmap, UINT8 ignorebuffer, UINT8 maphell, boolean callagainsoon, INT16 *extbuffer)
+INT16 G_RandMap(UINT32 tolflags, INT16 pprevmap, UINT8 ignorebuffer, UINT8 maphell, INT16 *extbuffer)
 {
 	UINT32 numokmaps = 0;
 	INT16 ix, bufx;
+	INT16 *okmaps = NULL;
 	UINT16 extbufsize = 0;
 	boolean usehellmaps; // Only consider Hell maps in this pick
 
@@ -3924,12 +3924,9 @@ tryagain:
 		ix = okmaps[M_RandomKey(numokmaps)];
 	}
 
-	if (!callagainsoon)
-	{
-		//CONS_Printf("(freeing okmaps)\n");
-		Z_Free(okmaps);
-		okmaps = NULL;
-	}
+	//CONS_Printf("(freeing okmaps)\n");
+	Z_Free(okmaps);
+	okmaps = NULL;
 
 	return ix;
 }
@@ -4196,7 +4193,7 @@ static INT16 G_GetNextMap(boolean advancemap)
 			}
 			else if (cv_advancemap.value == 2) // Go to random map.
 			{
-				newmap = G_RandMap(G_TOLFlag(gametype), curmap, 0, 0, false, NULL);
+				newmap = G_RandMap(G_TOLFlag(gametype), curmap, 0, 0, NULL);
 			}
 			else if (nextmap >= NEXTMAP_SPECIAL) // Loop back around
 			{
diff --git a/src/g_game.h b/src/g_game.h
index e5d2df6f5..a0179c7fa 100644
--- a/src/g_game.h
+++ b/src/g_game.h
@@ -275,7 +275,7 @@ FUNCMATH INT32 G_TicsToMilliseconds(tic_t tics);
 UINT32 G_TOLFlag(INT32 pgametype);
 INT16 G_GetFirstMapOfGametype(UINT8 pgametype);
 
-INT16 G_RandMap(UINT32 tolflags, INT16 pprevmap, UINT8 ignorebuffer, UINT8 maphell, boolean callagainsoon, INT16 *extbuffer);
+INT16 G_RandMap(UINT32 tolflags, INT16 pprevmap, UINT8 ignorebuffer, UINT8 maphell, INT16 *extbuffer);
 void G_AddMapToBuffer(INT16 map);
 
 #ifdef __cplusplus
diff --git a/src/m_menu.c b/src/m_menu.c
index 6df4ada5d..73e87e3ff 100644
--- a/src/m_menu.c
+++ b/src/m_menu.c
@@ -4482,7 +4482,7 @@ INT32 MR_PlaybackQuit(INT32 choice)
 INT32 MR_ChangeLevel(INT32 choice)
 {
 	(void)choice;
-	INT16 map = cv_nextmap.value ? cv_nextmap.value : G_RandMap(G_TOLFlag(cv_newgametype.value), gamestate == GS_LEVEL ? gamemap-1 : prevmap, 0, 0, false, NULL);
+	INT16 map = cv_nextmap.value ? cv_nextmap.value : G_RandMap(G_TOLFlag(cv_newgametype.value), gamestate == GS_LEVEL ? gamemap-1 : prevmap, 0, 0, NULL);
 	M_ClearMenus(true);
 	COM_BufAddText(va("map %d -gametype \"%s\"\n", map, cv_newgametype.string));
 	return true;
@@ -6368,7 +6368,7 @@ INT32 MR_StartServer(INT32 choice)
 		G_StopMetalDemo();
 
 	if (!cv_nextmap.value)
-		CV_SetValue(&cv_nextmap, G_RandMap(G_TOLFlag(cv_newgametype.value), -1, 0, 0, false, NULL)+1);
+		CV_SetValue(&cv_nextmap, G_RandMap(G_TOLFlag(cv_newgametype.value), -1, 0, 0, NULL)+1);
 
 	if (cv_maxplayers.value < ssplayers+1)
 		CV_SetValue(&cv_maxplayers, ssplayers+1);