Steps to recreate:


File->New
Set drawing mode to 'Pool'
rclick any combo pool in the combo lists
Select 'Scroll to Page...' in the context menu
Type '85' in the Number Picker prompt
Press enter or click 'OK'

This code snippet failed in zquest.cpp with a vector subscript out of range:



for(int32_t j=0; j<num_combo_cols; ++j) //the actual panes
{
for(int32_t i=0; i<(comboaliaslist[j].w*comboaliaslist[j].h); i++)
{
int32_t cid=-1; int8_t cs=CSet;
combo_pool const& cp = combo_pools[combo_pool_listpos[j]+i];

auto& list = comboaliaslist[j];
if(cp.get_w(cid,cs,0) && !combobuf[cid].tile)


The last line above had a failed debug assertion in operator[] with cid == 1769172585

combo_pool::get_w takes cid by reference, so it looks like that is how cid is getting set to such a huge value.

combobuf has a size of 65280 at the time of crash.

The number picker for alias pages is also affected.

The combo pool being indexed is the 8192nd of the combo_pools array. MAXCOMBOPOOLS is #defined as 8192, so that is one past the last.

breaking out of the inner for loop averts the crash:



int32_t cid=-1; int8_t cs=CSet;
int index = combo_pool_listpos[j]+i;
if (index == MAXCOMBOPOOLS) break;
combo_pool const& cp = combo_pools[index];