From 4e6f983db8eea07c7b2ccd768954c4d1bcf36f99 Mon Sep 17 00:00:00 2001
From: kts
Date: Sun, 17 Nov 2013 16:37:10 -0800
Subject: [PATCH] win32/64 uncovered out-of-bounds reading/writing for getpixel/putpixel in interface/sdl.c, so both functions now check if x/y is greater than or equal to 0 and less than or equal to the surface's width/height.
---
 devcpp/Makefile.win | 24 ++++++++++++------------
 devcpp/timesynk-sdl.layout | 12 ++++++------
 interface/sdl.c | 11 +++++++----
 3 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/devcpp/Makefile.win b/devcpp/Makefile.win
index 1460a97..5df1547 100644
--- a/devcpp/Makefile.win
+++ b/devcpp/Makefile.win
@@ -1,15 +1,15 @@ -# Project: timesynk-pdcurses +# Project: timesynk-sdl # Makefile created by Dev-C++ 5.4.2 CPP = g++.exe CC = gcc.exe WINDRES = windres.exe -OBJ = ../main.o ../interface/curses.o ../net/sockets.o ../game.o ../player.o ../wall.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../tiles/curses_tiles.o ../message.o ../inventory.o -LINKOBJ = ../main.o ../interface/curses.o ../net/sockets.o ../game.o ../player.o ../wall.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../tiles/curses_tiles.o ../message.o ../inventory.o -LIBS = -L"C:/Program Files (x86)/Dev-Cpp/MinGW32/lib" -static-libstdc++ -static-libgcc ../../PDCurses/pdcurses.lib ../../../Windows/System32/ws2_32.dll -g3 -INCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../PDCurses" -CXXINCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../PDCurses" -BIN = timesynk-pdcurses.exe +OBJ = ../main.o ../interface/sdl.o ../net/sockets.o ../game.o ../player.o ../wall.o ../tiles/tiles.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../message.o ../inventory.o +LINKOBJ = ../main.o ../interface/sdl.o ../net/sockets.o ../game.o ../player.o ../wall.o ../tiles/tiles.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../message.o ../inventory.o +LIBS = -L"C:/Program Files (x86)/Dev-Cpp/MinGW32/lib" -static-libstdc++ -static-libgcc -L"../../SDL-1.2.15/lib" -mwindows -lsdl -lSDL_image -lSDLmain -lws2_32 C:/Windows/System32/ws2_32.dll -g3 +INCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../SDL-1.2.15/include" +CXXINCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../SDL-1.2.15/include" +BIN = timesynk-sdl.exe CXXFLAGS = $(CXXINCS) -g3 CFLAGS = $(INCS) -g3 RM = rm -f 
@@ -28,8 +28,8 @@ $(BIN): $(OBJ) ../main.o: ../main.c $(CC) -c ../main.c -o ../main.o $(CFLAGS) -../interface/curses.o: ../interface/curses.c - $(CC) -c ../interface/curses.c -o ../interface/curses.o $(CFLAGS) +../interface/sdl.o: ../interface/sdl.c + $(CC) -c ../interface/sdl.c -o ../interface/sdl.o $(CFLAGS) ../net/sockets.o: ../net/sockets.c $(CC) -c ../net/sockets.c -o ../net/sockets.o $(CFLAGS)
@@ -43,6 +43,9 @@ $(BIN): $(OBJ) ../wall.o: ../wall.c $(CC) -c ../wall.c -o ../wall.o $(CFLAGS) +../tiles/tiles.o: ../tiles/tiles.c + $(CC) -c ../tiles/tiles.c -o ../tiles/tiles.o $(CFLAGS) + ../console.o: ../console.c $(CC) -c ../console.c -o ../console.o $(CFLAGS)
@@ -61,9 +64,6 @@ $(BIN): $(OBJ) ../tile.o: ../tile.c $(CC) -c ../tile.c -o ../tile.o $(CFLAGS) -../tiles/curses_tiles.o: ../tiles/curses_tiles.c - $(CC) -c ../tiles/curses_tiles.c -o ../tiles/curses_tiles.o $(CFLAGS) - ../message.o: ../message.c $(CC) -c ../message.c -o ../message.o $(CFLAGS)
diff --git a/devcpp/timesynk-sdl.layout b/devcpp/timesynk-sdl.layout
index cc67af9..a2dab93 100644
--- a/devcpp/timesynk-sdl.layout
+++ b/devcpp/timesynk-sdl.layout
@@ -6,7 +6,7 @@ LeftChar=1 Open=0 Top=0 [Editors] -Order= +Order=-1 Focused=-1 [Editor_1] Open=0
@@ -30,11 +30,11 @@ CursorRow=21 TopLine=1 LeftChar=1 [Editor_4] -Open=0 -Top=0 -CursorCol=1 -CursorRow=33 -TopLine=1 +Open=1 +Top=1 +CursorCol=60 +CursorRow=643 +TopLine=616 LeftChar=1 [Editor_5] Open=0
diff --git a/interface/sdl.c b/interface/sdl.c
index c8d7606..54481c8 100644
--- a/interface/sdl.c
+++ b/interface/sdl.c
@@ -606,8 +606,8 @@ Uint32 combinepixels(Uint32 pixel_1, Uint32 pixel_2) {
 #endif
 }
-Uint32 getpixel(SDL_Surface *surface, int x, int y)
-{
+Uint32 getpixel(SDL_Surface *surface, int x, int y) {
+ if (y >= 0 && x >= 0 && x <= surface->w && y <= surface->h) {
 int bpp = surface->format->BytesPerPixel;
 /* Here p is the address to the pixel we want to retrieve */
 Uint8 *p = (Uint8 *)surface->pixels + y * surface->pitch + x * bpp;
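Review bot: The guard added to getpixel, `if (y >= 0 && x >= 0 && x <= surface->w && y <= surface->h)`, still accepts x == surface->w and y == surface->h, which are one past the last valid column and row. With y == surface->h the address computed on the `Uint8 *p = ...` line is a full row (`surface->pitch` bytes) beyond the last row of pixels, so the out-of-bounds read this commit sets out to stop remains reachable. Both upper bounds should be strict: `if (x >= 0 && y >= 0 && x < surface->w && y < surface->h) {`. The same condition is added to putpixel in the next hunk (`@@ -635,10 +635,12 @@`), where it guards a write rather than a read and needs the same change. getpixel's body continues past the end of this hunk.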
@@ -635,10 +635,12 @@ Uint32 getpixel(SDL_Surface *surface, int x, int y)
 default:
 return 0; /* shouldn't happen, but avoids warnings */
 }
+ }
+ return 0;
 }
-void putpixel(SDL_Surface *surface, int x, int y, Uint32 pixel)
-{
+void putpixel(SDL_Surface *surface, int x, int y, Uint32 pixel) {
+ if (y >= 0 && x >= 0 && x <= surface->w && y <= surface->h) {
 int bpp = surface->format->BytesPerPixel;
 /* Here p is the address to the pixel we want to set */
 Uint8 *p = (Uint8 *)surface->pixels + y * surface->pitch + x * bpp;
@@ -668,6 +670,7 @@ void putpixel(SDL_Surface *surface, int x, int y, Uint32 pixel)
 *(Uint32 *)p = pixel;
 break;
 }
+ }
 }
 /*SDL_Surface *interfaceScaleSurface(SDL_Surface *Surface, Uint16 Width, Uint16 Height) {
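Review bot: The new fall-through `return 0;` in getpixel makes a rejected coordinate indistinguishable from a pixel whose value really is 0, and putpixel now drops a rejected write without any signal, so a caller that passes bad coordinates is never told. Neither function documents this contract. A one-line comment above each would record it, for example `/* Returns 0 when (x, y) lies outside the surface. */` on getpixel and `/* Writes outside the surface are silently ignored. */` on putpixel. Both function bodies extend beyond the lines shown in these hunks.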