Fixed a number of out of bounds accesses.

Visual Studio's static code analyser found a number of out of bounds array
accesses. This commit fixes a number of them as well as a few other problems
the analyser brought up.

This also fixes #1 in the issue tracker.
This commit is contained in:
Alex Lo 2013-11-01 00:24:58 +00:00
parent 58c425637e
commit 76ea7385dd
13 changed files with 38 additions and 18 deletions

View file

@ -68,6 +68,8 @@ void IncDrawVerts(){
} }
else if ( numBSPDrawVerts > numBSPDrawVertsBuffer ) { else if ( numBSPDrawVerts > numBSPDrawVertsBuffer ) {
bspDrawVert_t *newBspDrawVerts;
numBSPDrawVertsBuffer *= 3; // multiply by 1.5 numBSPDrawVertsBuffer *= 3; // multiply by 1.5
numBSPDrawVertsBuffer /= 2; numBSPDrawVertsBuffer /= 2;
@ -75,11 +77,14 @@ void IncDrawVerts(){
numBSPDrawVertsBuffer = MAX_MAP_DRAW_VERTS; numBSPDrawVertsBuffer = MAX_MAP_DRAW_VERTS;
} }
bspDrawVerts = realloc( bspDrawVerts, sizeof( bspDrawVert_t ) * numBSPDrawVertsBuffer ); newBspDrawVerts = realloc( bspDrawVerts, sizeof( bspDrawVert_t ) * numBSPDrawVertsBuffer );
if ( !bspDrawVerts ) { if ( !newBspDrawVerts ) {
free (bspDrawVerts);
Error( "realloc() failed (IncDrawVerts)" ); Error( "realloc() failed (IncDrawVerts)" );
} }
bspDrawVerts = newBspDrawVerts;
} }
memset( bspDrawVerts + ( numBSPDrawVerts - 1 ), 0, sizeof( bspDrawVert_t ) ); memset( bspDrawVerts + ( numBSPDrawVerts - 1 ), 0, sizeof( bspDrawVert_t ) );

View file

@ -185,10 +185,10 @@ static void RadClipWindingEpsilon( radWinding_t *in, vec3_t normal, vec_t dist,
} }
/* error check */ /* error check */
if ( front->numVerts > maxPoints || front->numVerts > maxPoints ) { if ( front->numVerts > maxPoints ) {
Error( "RadClipWindingEpsilon: points exceeded estimate" ); Error( "RadClipWindingEpsilon: points exceeded estimate" );
} }
if ( front->numVerts > MAX_POINTS_ON_WINDING || front->numVerts > MAX_POINTS_ON_WINDING ) { if ( front->numVerts > MAX_POINTS_ON_WINDING ) {
Error( "RadClipWindingEpsilon: MAX_POINTS_ON_WINDING" ); Error( "RadClipWindingEpsilon: MAX_POINTS_ON_WINDING" );
} }
} }
@ -279,7 +279,7 @@ static void RadSample( int lightmapNum, bspDrawSurface_t *ds, rawLightmap_t *lm,
/* multiply by texture color */ /* multiply by texture color */
if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, rw->verts[ samples ].st, textureColor ) ) { if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, rw->verts[ samples ].st, textureColor ) ) {
VectorCopy( si->averageColor, textureColor ); VectorCopy( si->averageColor, textureColor );
textureColor[ 4 ] = 255.0f; textureColor[ 3 ] = 255.0f;
} }
for ( i = 0; i < 3; i++ ) for ( i = 0; i < 3; i++ )
color[ i ] = ( textureColor[ i ] / 255 ) * ( rw->verts[ samples ].color[ lightmapNum ][ i ] / 255.0f ); color[ i ] = ( textureColor[ i ] / 255 ) * ( rw->verts[ samples ].color[ lightmapNum ][ i ] / 255.0f );
@ -363,7 +363,7 @@ static void RadSample( int lightmapNum, bspDrawSurface_t *ds, rawLightmap_t *lm,
/* multiply by texture color */ /* multiply by texture color */
if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, st, textureColor ) ) { if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, st, textureColor ) ) {
VectorCopy( si->averageColor, textureColor ); VectorCopy( si->averageColor, textureColor );
textureColor[ 4 ] = 255; textureColor[ 3 ] = 255;
} }
for ( i = 0; i < 3; i++ ) for ( i = 0; i < 3; i++ )
color[ i ] = ( textureColor[ i ] / 255 ) * ( radLuxel[ i ] / 255 ); color[ i ] = ( textureColor[ i ] / 255 ) * ( radLuxel[ i ] / 255 );

View file

@ -2104,6 +2104,11 @@ static void FindOutLightmaps( rawLightmap_t *lm ){
/* allocate two new output lightmaps */ /* allocate two new output lightmaps */
numOutLightmaps += 2; numOutLightmaps += 2;
olm = safe_malloc( numOutLightmaps * sizeof( outLightmap_t ) ); olm = safe_malloc( numOutLightmaps * sizeof( outLightmap_t ) );
if ( !olm )
{
Error( "FindOutLightmaps: Failed to allocate memory.\n" );
}
if ( outLightmaps != NULL && numOutLightmaps > 2 ) { if ( outLightmaps != NULL && numOutLightmaps > 2 ) {
memcpy( olm, outLightmaps, ( numOutLightmaps - 2 ) * sizeof( outLightmap_t ) ); memcpy( olm, outLightmaps, ( numOutLightmaps - 2 ) * sizeof( outLightmap_t ) );
free( outLightmaps ); free( outLightmaps );

View file

@ -279,7 +279,7 @@ int AnalyzeBSP( int argc, char **argv ){
lumpInt = LittleLong( (int) *( (int*) lump ) ); lumpInt = LittleLong( (int) *( (int*) lump ) );
lumpFloat = LittleFloat( (float) *( (float*) lump ) ); lumpFloat = LittleFloat( (float) *( (float*) lump ) );
memcpy( lumpString, (char*) lump, ( length < 1024 ? length : 1024 ) ); memcpy( lumpString, (char*) lump, ( length < 1024 ? length : 1024 ) );
lumpString[ 1024 ] = '\0'; lumpString[ 1023 ] = '\0';
/* print basic lump info */ /* print basic lump info */
Sys_Printf( "Lump: %d\n", i ); Sys_Printf( "Lump: %d\n", i );

View file

@ -763,7 +763,7 @@ typedef struct shaderInfo_s
sun_t *sun; /* ydnar */ sun_t *sun; /* ydnar */
vec3_t color; /* normalized color */ vec3_t color; /* normalized color */
vec3_t averageColor; vec4_t averageColor;
byte lightStyle; byte lightStyle;
qb_t lmMergable; /* ydnar */ qb_t lmMergable; /* ydnar */

View file

@ -791,6 +791,7 @@ static void LoadShaderImages( shaderInfo_t *si ){
ColorNormalize( color, si->color ); ColorNormalize( color, si->color );
} }
VectorScale( color, ( 1.0f / count ), si->averageColor ); VectorScale( color, ( 1.0f / count ), si->averageColor );
si->averageColor[ 3 ] = color[ 3 ] / count;
} }

View file

@ -740,7 +740,8 @@ static qboolean PointTriangleIntersect( vec3_t pt, vec4_t plane, vec3_t a, vec3_
typedef struct edge_s typedef struct edge_s
{ {
vec3_t origin, edge; vec3_t origin;
vec4_t edge;
vec_t length, kingpinLength; vec_t length, kingpinLength;
int kingpin; int kingpin;
vec4_t plane; vec4_t plane;

View file

@ -68,6 +68,8 @@ void IncDrawVerts(){
} }
else if ( numBSPDrawVerts > numBSPDrawVertsBuffer ) { else if ( numBSPDrawVerts > numBSPDrawVertsBuffer ) {
bspDrawVert_t *newBspDrawVerts;
numBSPDrawVertsBuffer *= 3; // multiply by 1.5 numBSPDrawVertsBuffer *= 3; // multiply by 1.5
numBSPDrawVertsBuffer /= 2; numBSPDrawVertsBuffer /= 2;
@ -75,11 +77,14 @@ void IncDrawVerts(){
numBSPDrawVertsBuffer = MAX_MAP_DRAW_VERTS; numBSPDrawVertsBuffer = MAX_MAP_DRAW_VERTS;
} }
bspDrawVerts = realloc( bspDrawVerts, sizeof( bspDrawVert_t ) * numBSPDrawVertsBuffer ); newBspDrawVerts = realloc( bspDrawVerts, sizeof( bspDrawVert_t ) * numBSPDrawVertsBuffer );
if ( !bspDrawVerts ) { if ( !newBspDrawVerts ) {
free (bspDrawVerts);
Error( "realloc() failed (IncDrawVerts)" ); Error( "realloc() failed (IncDrawVerts)" );
} }
bspDrawVerts = newBspDrawVerts;
} }
memset( bspDrawVerts + ( numBSPDrawVerts - 1 ), 0, sizeof( bspDrawVert_t ) ); memset( bspDrawVerts + ( numBSPDrawVerts - 1 ), 0, sizeof( bspDrawVert_t ) );

View file

@ -185,10 +185,10 @@ static void RadClipWindingEpsilon( radWinding_t *in, vec3_t normal, vec_t dist,
} }
/* error check */ /* error check */
if ( front->numVerts > maxPoints || front->numVerts > maxPoints ) { if ( front->numVerts > maxPoints ) {
Error( "RadClipWindingEpsilon: points exceeded estimate" ); Error( "RadClipWindingEpsilon: points exceeded estimate" );
} }
if ( front->numVerts > MAX_POINTS_ON_WINDING || front->numVerts > MAX_POINTS_ON_WINDING ) { if ( front->numVerts > MAX_POINTS_ON_WINDING ) {
Error( "RadClipWindingEpsilon: MAX_POINTS_ON_WINDING" ); Error( "RadClipWindingEpsilon: MAX_POINTS_ON_WINDING" );
} }
} }
@ -279,7 +279,7 @@ static void RadSample( int lightmapNum, bspDrawSurface_t *ds, rawLightmap_t *lm,
/* multiply by texture color */ /* multiply by texture color */
if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, rw->verts[ samples ].st, textureColor ) ) { if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, rw->verts[ samples ].st, textureColor ) ) {
VectorCopy( si->averageColor, textureColor ); VectorCopy( si->averageColor, textureColor );
textureColor[ 4 ] = 255.0f; textureColor[ 3 ] = 255.0f;
} }
for ( i = 0; i < 3; i++ ) for ( i = 0; i < 3; i++ )
color[ i ] = ( textureColor[ i ] / 255 ) * ( rw->verts[ samples ].color[ lightmapNum ][ i ] / 255.0f ); color[ i ] = ( textureColor[ i ] / 255 ) * ( rw->verts[ samples ].color[ lightmapNum ][ i ] / 255.0f );
@ -363,7 +363,7 @@ static void RadSample( int lightmapNum, bspDrawSurface_t *ds, rawLightmap_t *lm,
/* multiply by texture color */ /* multiply by texture color */
if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, st, textureColor ) ) { if ( !RadSampleImage( si->lightImage->pixels, si->lightImage->width, si->lightImage->height, st, textureColor ) ) {
VectorCopy( si->averageColor, textureColor ); VectorCopy( si->averageColor, textureColor );
textureColor[ 4 ] = 255; textureColor[ 3 ] = 255;
} }
for ( i = 0; i < 3; i++ ) for ( i = 0; i < 3; i++ )
color[ i ] = ( textureColor[ i ] / 255 ) * ( radLuxel[ i ] / 255 ); color[ i ] = ( textureColor[ i ] / 255 ) * ( radLuxel[ i ] / 255 );

View file

@ -169,7 +169,7 @@ int AnalyzeBSP( int argc, char **argv ){
lumpInt = LittleLong( (int) *( (int*) lump ) ); lumpInt = LittleLong( (int) *( (int*) lump ) );
lumpFloat = LittleFloat( (float) *( (float*) lump ) ); lumpFloat = LittleFloat( (float) *( (float*) lump ) );
memcpy( lumpString, (char*) lump, ( length < 1024 ? length : 1024 ) ); memcpy( lumpString, (char*) lump, ( length < 1024 ? length : 1024 ) );
lumpString[ 1024 ] = '\0'; lumpString[ 1023 ] = '\0';
/* print basic lump info */ /* print basic lump info */
Sys_Printf( "Lump: %d\n", i ); Sys_Printf( "Lump: %d\n", i );

View file

@ -743,7 +743,7 @@ typedef struct shaderInfo_s
int sun_done; int sun_done;
vec3_t color; /* normalized color */ vec3_t color; /* normalized color */
vec3_t averageColor; vec4_t averageColor;
byte lightStyle; byte lightStyle;
qb_t lmMergable; /* ydnar */ qb_t lmMergable; /* ydnar */

View file

@ -789,10 +789,12 @@ static void LoadShaderImages( shaderInfo_t *si ){
if ( VectorLength( si->color ) <= 0.0f ) { if ( VectorLength( si->color ) <= 0.0f ) {
ColorNormalize( color, si->color ); ColorNormalize( color, si->color );
VectorScale( color, ( 1.0f / count ), si->averageColor ); VectorScale( color, ( 1.0f / count ), si->averageColor );
si->averageColor[ 3 ] = color[ 3 ] / count;
} }
else else
{ {
VectorCopy( si->color, si->averageColor ); VectorCopy( si->color, si->averageColor );
si->averageColor[ 3 ] = 1.0f;
} }
} }

View file

@ -743,7 +743,8 @@ static qboolean PointTriangleIntersect( vec3_t pt, vec4_t plane, vec3_t a, vec3_
typedef struct edge_s typedef struct edge_s
{ {
vec3_t origin, edge; vec3_t origin;
vec4_t edge;
vec_t length, kingpinLength; vec_t length, kingpinLength;
int kingpin; int kingpin;
vec4_t plane; vec4_t plane;