From 5d67987fe1c6fea20e34edffa5389d20d8435d60 Mon Sep 17 00:00:00 2001
From: Christoph Oelckers
Date: Fri, 2 Jul 2021 20:33:09 +0200
Subject: [PATCH] - don't attempt to decode animation frames at offsets beyond the end of the current page. Copied from EDuke32.
---
 source/common/textures/animlib.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/source/common/textures/animlib.cpp b/source/common/textures/animlib.cpp
index d9cdccc7d..c712ae2bf 100644
--- a/source/common/textures/animlib.cpp
+++ b/source/common/textures/animlib.cpp
@@ -188,6 +188,9 @@ static void renderframe(anim_t *anim, uint16_t framenumber, uint16_t *pagepointe
 while (frame--) offset += LittleShort(pagepointer[frame]);
+ if (offset >= anim->curlp->nBytes)
+ return;
+
 uint8_t *ppointer = (uint8_t *)(pagepointer) + anim->curlp->nRecords*2 + offset + 4;
 if ((ppointer-4)[1])
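Review bot: The new guard `if (offset >= anim->curlp->nBytes)` checks only where the frame starts, so a record that begins inside the page but whose length runs past `nBytes` still reaches the reads through `ppointer`, beginning with `(ppointer-4)[1]` on the last line of the hunk. Because `offset` is summed from the size table in `pagepointer[]`, which appears to come straight from the animation file, I would also bound the record's own length, e.g. `if (offset >= anim->curlp->nBytes || reclen > anim->curlp->nBytes - offset) return;`, where `reclen` is a placeholder name for the table entry read before `while (frame--)` consumes `frame`, and assuming `nBytes` counts the page's record data. The declaration of `offset` is outside the hunk; if it is a 16-bit type the sum can wrap and slip under this comparison, so a wider accumulator is worth confirming. A short comment such as `// sizes come from the file; skip frames that do not fit in the current page` would record why the early return exists. renderframe's body starts before and continues after the hunk.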