mirror of
https://github.com/ZDoom/raze-gles.git
synced 2024-12-25 03:00:46 +00:00
baselayer.c: fix an oob write to ylookup[] intoduced in r4695.
On Linux, it started manifesting itself since r4719 as crashes whose backtraces pointed to malloc() and were not helpful. Valgrind finally uncovered this. git-svn-id: https://svn.eduke32.com/eduke32@4724 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
502f5dac64
commit
e8553b5398
2 changed files with 5 additions and 6 deletions
|
@ -757,7 +757,6 @@ EXTERN int32_t yxaspect, viewingrange;
|
|||
extern "C" {
|
||||
#endif
|
||||
EXTERN intptr_t *ylookup;
|
||||
EXTERN int32_t ylookupsiz;
|
||||
#ifdef __cplusplus
|
||||
};
|
||||
#endif
|
||||
|
|
|
@ -187,15 +187,15 @@ int32_t nx_unprotect(intptr_t beg, intptr_t end)
|
|||
void calc_ylookup(int32_t bpl, int32_t lastyidx)
|
||||
{
|
||||
int32_t i, j=0;
|
||||
|
||||
lastyidx++;
|
||||
static int32_t ylookupsiz;
|
||||
|
||||
Bassert(lastyidx <= MAXYDIM);
|
||||
|
||||
lastyidx++;
|
||||
|
||||
if (lastyidx > ylookupsiz)
|
||||
{
|
||||
if (ylookup)
|
||||
Baligned_free(ylookup);
|
||||
Baligned_free(ylookup);
|
||||
|
||||
ylookup = (intptr_t *)Xaligned_alloc(16, lastyidx * sizeof(intptr_t));
|
||||
#if !defined(NOASM) && !defined(GEKKO) && !defined(__ANDROID__)
|
||||
|
@ -213,7 +213,7 @@ void calc_ylookup(int32_t bpl, int32_t lastyidx)
|
|||
j += (bpl << 2);
|
||||
}
|
||||
|
||||
for (; i<=lastyidx; i++)
|
||||
for (; i<lastyidx; i++)
|
||||
{
|
||||
ylookup[i] = j;
|
||||
j += bpl;
|
||||
|
|
Loading…
Reference in a new issue