From 9b72e34223704d310daf8d5d105bd645c2c70a6c Mon Sep 17 00:00:00 2001 From: Randy Heit Date: Tue, 23 Jan 2007 01:13:17 +0000 Subject: [PATCH] - Added a range check for the PNG grAb chunks. - Fixed: AddLine() could corrupt memory if the length of the text being added was longer than the console buffer. - Fixed: FTexture::GetScaled(Left|Top)Offset returned the Width and Height instead when the scale values were 0. - Removed the unnecessary "mov ecx,c" from mscinlines.h:Scale(). SVN r461 (trunk) --- docs/rh-log.txt | 6 ++++++ src/c_console.cpp | 5 +++++ src/mscinlines.h | 3 +-- src/r_defs.h | 4 ++-- src/textures/pngtexture.cpp | 19 ++++++++++++++++--- 5 files changed, 30 insertions(+), 7 deletions(-) diff --git a/docs/rh-log.txt b/docs/rh-log.txt index 5ec9411ca..97f42438c 100644 --- a/docs/rh-log.txt +++ b/docs/rh-log.txt @@ -1,4 +1,10 @@ January 22, 2007 +- Added a range check for the PNG grAb chunks. +- Fixed: AddLine() could corrupt memory if the length of the text being + added was longer than the console buffer. +- Fixed: FTexture::GetScaled(Left|Top)Offset returned the Width and Height + instead when the scale values were 0. +- Removed the unnecessary "mov ecx,c" from mscinlines.h:Scale(). - Fixed: The simulated palette blend used when the console is down needs to force a full screen update the next frame. - Fixed: LocalViewPitch could overflow and wrap around when a netgame stalls. diff --git a/src/c_console.cpp b/src/c_console.cpp index 3fa5eca2b..35137af6b 100644 --- a/src/c_console.cpp +++ b/src/c_console.cpp @@ -637,6 +637,11 @@ static void AddLine (const char *text, bool more, int len) TopLine = FlushLines (BufferRover, ConsoleBuffer + CONSOLESIZE); BufferRover = ConsoleBuffer; } + if (len >= CONSOLESIZE - 1) + { + text = text + len - CONSOLESIZE + 1; + len = CONSOLESIZE - 1; + } TopLine = FlushLines (BufferRover, BufferRover + len + 1); memcpy (BufferRover, text, len); BufferRover[len] = 0; diff --git a/src/mscinlines.h b/src/mscinlines.h index fac162fc8..9e14668ab 100644 --- a/src/mscinlines.h +++ b/src/mscinlines.h @@ -23,9 +23,8 @@ __forceinline SDWORD Scale (SDWORD a, SDWORD b, SDWORD c) { __asm mov eax,a - __asm mov ecx,c __asm imul b - __asm idiv ecx + __asm idiv c } __forceinline SDWORD MulScale (SDWORD a, SDWORD b, SDWORD c) diff --git a/src/r_defs.h b/src/r_defs.h index e1497ffe8..b694b17c4 100644 --- a/src/r_defs.h +++ b/src/r_defs.h @@ -652,8 +652,8 @@ public: int GetScaledWidth () { return ScaleX ? DivScale3(Width, ScaleX) : Width; } int GetScaledHeight () { return ScaleY ? DivScale3(Height, ScaleY) : Height; } - int GetScaledLeftOffset () { return ScaleX ? DivScale3(LeftOffset, ScaleX) : Width; } - int GetScaledTopOffset () { return ScaleY ? DivScale3(TopOffset, ScaleY) : Height; } + int GetScaledLeftOffset () { return ScaleX ? DivScale3(LeftOffset, ScaleX) : LeftOffset; } + int GetScaledTopOffset () { return ScaleY ? DivScale3(TopOffset, ScaleY) : TopOffset; } virtual void SetFrontSkyLayer(); diff --git a/src/textures/pngtexture.cpp b/src/textures/pngtexture.cpp index f755544a2..66d8098ab 100644 --- a/src/textures/pngtexture.cpp +++ b/src/textures/pngtexture.cpp @@ -154,10 +154,23 @@ FPNGTexture::FPNGTexture (FileReader &lump, int lumpnum, int width, int height, // This is like GRAB found in an ILBM, except coordinates use 4 bytes { DWORD hotx, hoty; - + int ihotx, ihoty; + lump >> hotx >> hoty; - LeftOffset = BigLong((int)hotx); - TopOffset = BigLong((int)hoty); + ihotx = BigLong((int)hotx); + ihoty = BigLong((int)hoty); + if (ihotx < -32768 || ihotx > 32767) + { + Printf ("X-Offset for PNG texture %s is bad: %d (0x%08x)\n", Wads.GetLumpFullName (lumpnum), ihotx, ihotx); + ihotx = 0; + } + if (ihoty < -32768 || ihoty > 32767) + { + Printf ("Y-Offset for PNG texture %s is bad: %d (0x%08x)\n", Wads.GetLumpFullName (lumpnum), ihoty, ihoty); + ihoty = 0; + } + LeftOffset = (int)ihotx; + TopOffset = (int)ihoty; } break;