zdoom/raze-gles
0
0
Fork 0
mirror of https://github.com/ZDoom/raze-gles.git synced 2024-12-26 03:30:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

baselayer.c: fix an oob write to ylookup[] intoduced in r4695.

Browse source 
On Linux, it started manifesting itself since r4719 as crashes whose
backtraces pointed to malloc() and were not helpful. Valgrind finally
uncovered this.

git-svn-id: https://svn.eduke32.com/eduke32@4724 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
helixhorned 2014-11-06 23:43:47 +00:00
parent 502f5dac64
commit e8553b5398
2 changed files with 5 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
polymer/eduke32/build/include/build.h
View file

@ -757,7 +757,6 @@ EXTERN int32_t yxaspect, viewingrange;
extern "C" { extern "C" {
#endif #endif
EXTERN intptr_t *ylookup; EXTERN intptr_t *ylookup;
EXTERN int32_t ylookupsiz;
#ifdef __cplusplus #ifdef __cplusplus
}; };
#endif #endif

8
polymer/eduke32/build/src/baselayer.c
View file

@ -187,14 +187,14 @@ int32_t nx_unprotect(intptr_t beg, intptr_t end)
void calc_ylookup(int32_t bpl, int32_t lastyidx) void calc_ylookup(int32_t bpl, int32_t lastyidx)
{ {
int32_t i, j=0; int32_t i, j=0;
static int32_t ylookupsiz;
lastyidx++;
Bassert(lastyidx <= MAXYDIM); Bassert(lastyidx <= MAXYDIM);
lastyidx++;
if (lastyidx > ylookupsiz) if (lastyidx > ylookupsiz)
{ {
if (ylookup)
Baligned_free(ylookup); Baligned_free(ylookup);
ylookup = (intptr_t *)Xaligned_alloc(16, lastyidx * sizeof(intptr_t)); ylookup = (intptr_t *)Xaligned_alloc(16, lastyidx * sizeof(intptr_t));
@ -213,7 +213,7 @@ void calc_ylookup(int32_t bpl, int32_t lastyidx)
j += (bpl << 2); j += (bpl << 2);
} }
for (; i<=lastyidx; i++) for (; i<lastyidx; i++)
{ {
ylookup[i] = j; ylookup[i] = j;
j += bpl; j += bpl;