From 9b72e34223704d310daf8d5d105bd645c2c70a6c Mon Sep 17 00:00:00 2001
From: Randy Heit <rheit@zdoom.fake>
Date: Tue, 23 Jan 2007 01:13:17 +0000
Subject: [PATCH] - Added a range check for the PNG grAb chunks. - Fixed:
 AddLine() could corrupt memory if the length of the text being   added was
 longer than the console buffer. - Fixed: FTexture::GetScaled(Left|Top)Offset
 returned the Width and Height   instead when the scale values were 0. -
 Removed the unnecessary "mov ecx,c" from mscinlines.h:Scale().

SVN r461 (trunk)
---
 docs/rh-log.txt             |  6 ++++++
 src/c_console.cpp           |  5 +++++
 src/mscinlines.h            |  3 +--
 src/r_defs.h                |  4 ++--
 src/textures/pngtexture.cpp | 19 ++++++++++++++++---
 5 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/docs/rh-log.txt b/docs/rh-log.txt
index 5ec9411ca..97f42438c 100644
--- a/docs/rh-log.txt
+++ b/docs/rh-log.txt
@@ -1,4 +1,10 @@
 January 22, 2007
+- Added a range check for the PNG grAb chunks.
+- Fixed: AddLine() could corrupt memory if the length of the text being
+  added was longer than the console buffer.
+- Fixed: FTexture::GetScaled(Left|Top)Offset returned the Width and Height
+  instead when the scale values were 0.
+- Removed the unnecessary "mov ecx,c" from mscinlines.h:Scale().
 - Fixed: The simulated palette blend used when the console is down needs to
   force a full screen update the next frame.
 - Fixed: LocalViewPitch could overflow and wrap around when a netgame stalls.
diff --git a/src/c_console.cpp b/src/c_console.cpp
index 3fa5eca2b..35137af6b 100644
--- a/src/c_console.cpp
+++ b/src/c_console.cpp
@@ -637,6 +637,11 @@ static void AddLine (const char *text, bool more, int len)
 		TopLine = FlushLines (BufferRover, ConsoleBuffer + CONSOLESIZE);
 		BufferRover = ConsoleBuffer;
 	}
+	if (len >= CONSOLESIZE - 1)
+	{
+		text = text + len - CONSOLESIZE + 1;
+		len = CONSOLESIZE - 1;
+	}
 	TopLine = FlushLines (BufferRover, BufferRover + len + 1);
 	memcpy (BufferRover, text, len);
 	BufferRover[len] = 0;
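Review bot: The new clamp runs after the wrap-around branch whose tail is visible at the top of this hunk, so the test guarding that branch (outside the hunk) has presumably already done pointer arithmetic on `BufferRover` with the unclamped `len`. Moving the `if (len >= CONSOLESIZE - 1)` block to the start of AddLine() would bound `len` before anything uses it and make the memory-safety argument local. A negative `len` is still unchecked and would reach `memcpy (BufferRover, text, len)` as a very large size. If callers do not guarantee a non-negative length, add `if (len < 0) len = 0;` next to the clamp. AddLine() begins and ends outside this hunk, so the wrap condition itself could not be checked here.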
diff --git a/src/mscinlines.h b/src/mscinlines.h
index fac162fc8..9e14668ab 100644
--- a/src/mscinlines.h
+++ b/src/mscinlines.h
@@ -23,9 +23,8 @@
 __forceinline SDWORD Scale (SDWORD a, SDWORD b, SDWORD c)
 {
 	__asm mov eax,a
-	__asm mov ecx,c
 	__asm imul b
-	__asm idiv ecx
+	__asm idiv c
 }
 
 __forceinline SDWORD MulScale (SDWORD a, SDWORD b, SDWORD c)
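Review bot: Scale() carries no comment on when it faults, and with the divisor now read directly from `c` that contract is worth writing down. `idiv` raises a divide error when `c` is 0, or when the quotient of the 64-bit product `a*b` does not fit in 32 bits. I would add above the function `// Returns a*b/c using a 64-bit intermediate; result is left in EAX. Faults if c == 0 or the quotient overflows 32 bits.` Callers are not visible in this hunk, but any that derive `c` from loaded data should validate it before the call.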
diff --git a/src/r_defs.h b/src/r_defs.h
index e1497ffe8..b694b17c4 100644
--- a/src/r_defs.h
+++ b/src/r_defs.h
@@ -652,8 +652,8 @@ public:
 	int GetScaledWidth () { return ScaleX ? DivScale3(Width, ScaleX) : Width; }
 	int GetScaledHeight () { return ScaleY ? DivScale3(Height, ScaleY) : Height; }
 
-	int GetScaledLeftOffset () { return ScaleX ? DivScale3(LeftOffset, ScaleX) : Width; }
-	int GetScaledTopOffset () { return ScaleY ? DivScale3(TopOffset, ScaleY) : Height; }
+	int GetScaledLeftOffset () { return ScaleX ? DivScale3(LeftOffset, ScaleX) : LeftOffset; }
+	int GetScaledTopOffset () { return ScaleY ? DivScale3(TopOffset, ScaleY) : TopOffset; }
 
 	virtual void SetFrontSkyLayer();
 
diff --git a/src/textures/pngtexture.cpp b/src/textures/pngtexture.cpp
index f755544a2..66d8098ab 100644
--- a/src/textures/pngtexture.cpp
+++ b/src/textures/pngtexture.cpp
@@ -154,10 +154,23 @@ FPNGTexture::FPNGTexture (FileReader &lump, int lumpnum, int width, int height,
 			// This is like GRAB found in an ILBM, except coordinates use 4 bytes
 			{
 				DWORD hotx, hoty;
-
+				int ihotx, ihoty;
+				
 				lump >> hotx >> hoty;
-				LeftOffset = BigLong((int)hotx);
-				TopOffset = BigLong((int)hoty);
+				ihotx = BigLong((int)hotx);
+				ihoty = BigLong((int)hoty);
+				if (ihotx < -32768 || ihotx > 32767)
+				{
+					Printf ("X-Offset for PNG texture %s is bad: %d (0x%08x)\n", Wads.GetLumpFullName (lumpnum), ihotx, ihotx);
+					ihotx = 0;
+				}
+				if (ihoty < -32768 || ihoty > 32767)
+				{
+					Printf ("Y-Offset for PNG texture %s is bad: %d (0x%08x)\n", Wads.GetLumpFullName (lumpnum), ihoty, ihoty);
+					ihoty = 0;
+				}
+				LeftOffset = (int)ihotx;
+				TopOffset = (int)ihoty;
 			}
 			break;
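Review bot: The bounds `-32768` and `32767` are bare literals with no comment on which downstream assumption they protect, so a later reader cannot tell whether the limit is a storage width or a renderer constraint. I would add a line such as `// Offsets outside the signed 16-bit range are treated as corrupt and reset to 0.` above the first check, or use named constants. The casts in `LeftOffset = (int)ihotx;` and `TopOffset = (int)ihoty;` are no-ops because both variables are already `int`, so they can be dropped. `%08x` is given a signed `int`, and `(unsigned)ihotx` would match the format. Whether the chunk's declared length is checked to be at least 8 bytes before `lump >> hotx >> hoty` is not visible here, since the constructor continues outside the hunk.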