mirror of
https://github.com/ZDoom/raze-gles.git
synced 2024-12-25 11:10:47 +00:00
Mapster32: fix a possible oob read via drawspritelabel; sanitize 2d3d mode.
That is, in m32_is2d3dmode(), also check if 2d and 3d mode resultions are the same. Otherwise, oob writes (e.g. via tileinfo_doprint()) and other thinkable niceties may ensue. git-svn-id: https://svn.eduke32.com/eduke32@5291 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
21e9125f2d
commit
0419e64c0a
3 changed files with 14 additions and 2 deletions
|
@ -370,9 +370,16 @@ extern vec2_t m32_2d3d;
|
|||
#define XSIZE_2D3D (xdim2d / m32_2d3dsize)
|
||||
#define YSIZE_2D3D (ydim2d / m32_2d3dsize)
|
||||
|
||||
static inline int32_t m32_2d3d_resolutions_match()
|
||||
{
|
||||
return (xdimgame == xdim2d && ydimgame == ydim2d);
|
||||
}
|
||||
|
||||
static inline int32_t m32_is2d3dmode(void)
|
||||
{
|
||||
return !in3dmode() && m32_2d3dmode && searchx > m32_2d3d.x && searchx < (m32_2d3d.x + XSIZE_2D3D) &&
|
||||
return !in3dmode() && m32_2d3dmode &&
|
||||
m32_2d3d_resolutions_match() &&
|
||||
searchx > m32_2d3d.x && searchx < (m32_2d3d.x + XSIZE_2D3D) &&
|
||||
searchy > m32_2d3d.y && searchy < (m32_2d3d.y + YSIZE_2D3D);
|
||||
}
|
||||
|
||||
|
|
|
@ -3252,6 +3252,11 @@ static void isc_transform(int32_t *x, int32_t *y)
|
|||
|
||||
static void drawspritelabel(int i)
|
||||
{
|
||||
// XXX: oob 'i' may happen, such as passing pointhighlight-16384 when
|
||||
// pointhighlight == -1.
|
||||
if ((unsigned)i >= MAXSPRITES)
|
||||
return;
|
||||
|
||||
const char *dabuffer = CallExtGetSpriteCaption(i);
|
||||
|
||||
if (!dabuffer[0])
|
||||
|
|
|
@ -10482,7 +10482,7 @@ static void Keys2d3d(void)
|
|||
{
|
||||
keystatus[KEYSC_F10]=0;
|
||||
|
||||
if (xdimgame != xdim2d || ydimgame != ydim2d)
|
||||
if (!m32_2d3d_resolutions_match())
|
||||
message("2d and 3d mode resolutions don't match!");
|
||||
|
||||
else if (!in3dmode())
|
||||
|
|
Loading…
Reference in a new issue