From 359614df700590df0fbc97c5f1c472897b318b3d Mon Sep 17 00:00:00 2001
From: helixhorned <helixhorned@1a8010ca-5511-0410-912e-c29ae57300e0>
Date: Sun, 18 Mar 2012 23:17:51 +0000
Subject: [PATCH] Input validation: guard makepalookup 'pal', 2dcol 'col'.  Add
 one const.

git-svn-id: https://svn.eduke32.com/eduke32@2500 1a8010ca-5511-0410-912e-c29ae57300e0
---
 polymer/eduke32/build/include/build.h | 2 +-
 polymer/eduke32/build/src/defs.c      | 2 +-
 polymer/eduke32/build/src/engine.c    | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/polymer/eduke32/build/include/build.h b/polymer/eduke32/build/include/build.h
index f658ba3fa..06fc52ae1 100644
--- a/polymer/eduke32/build/include/build.h
+++ b/polymer/eduke32/build/include/build.h
@@ -561,7 +561,7 @@ void   loadtile(int16_t tilenume);
 int32_t   qloadkvx(int32_t voxindex, const char *filename);
 int32_t   allocatepermanenttile(int16_t tilenume, int32_t xsiz, int32_t ysiz);
 //void   copytilepiece(int32_t tilenume1, int32_t sx1, int32_t sy1, int32_t xsiz, int32_t ysiz, int32_t tilenume2, int32_t sx2, int32_t sy2);
-void   makepalookup(int32_t palnum, char *remapbuf, int8_t r, int8_t g, int8_t b, char dastat);
+void   makepalookup(int32_t palnum, const char *remapbuf, int8_t r, int8_t g, int8_t b, char dastat);
 //void   setvgapalette(void);
 void   setbasepaltable(uint8_t **basepaltable, uint8_t basepalcount);
 void   setbrightness(char dabrightness, uint8_t dapalid, uint8_t flags);
diff --git a/polymer/eduke32/build/src/defs.c b/polymer/eduke32/build/src/defs.c
index 194fded0d..11f3caf7d 100644
--- a/polymer/eduke32/build/src/defs.c
+++ b/polymer/eduke32/build/src/defs.c
@@ -380,7 +380,7 @@ static int32_t defsparser(scriptfile *script)
             if (scriptfile_getnumber(script,&g)) break;
             if (scriptfile_getnumber(script,&b)) break;
 
-            if (col < 256)
+            if ((unsigned)col < 256)
             {
                 vgapal16[col*4+0] = b; // blue
                 vgapal16[col*4+1] = g; // green
diff --git a/polymer/eduke32/build/src/engine.c b/polymer/eduke32/build/src/engine.c
index 3916e7dcb..26e6f51b7 100644
--- a/polymer/eduke32/build/src/engine.c
+++ b/polymer/eduke32/build/src/engine.c
@@ -13519,13 +13519,16 @@ void rotatesprite(int32_t sx, int32_t sy, int32_t z, int16_t a, int16_t picnum,
 //
 // makepalookup
 //
-void makepalookup(int32_t palnum, char *remapbuf, int8_t r, int8_t g, int8_t b, char dastat)
+void makepalookup(int32_t palnum, const char *remapbuf, int8_t r, int8_t g, int8_t b, char dastat)
 {
     int32_t i, j, palscale;
     char *ptr, *ptr2;
 
     if (paletteloaded == 0) return;
 
+    if ((unsigned)palnum >= MAXPALOOKUPS)
+        return;
+
     if (palookup[palnum] == NULL)
     {
         //Allocate palookup buffer