win32/64 uncovered out-of-bounds reading/writing for getpixel/putpixel in interface/sdl.c, so both functions now check if x/y is greater than or equal to 0 and less than or equal to the surface's width/height.

master
kts 2013-11-17 16:37:10 -08:00
parent 7e7a4bd2fe
commit 4e6f983db8
3 changed files with 25 additions and 22 deletions

View File

@ -1,15 +1,15 @@
# Project: timesynk-pdcurses # Project: timesynk-sdl
# Makefile created by Dev-C++ 5.4.2 # Makefile created by Dev-C++ 5.4.2
CPP = g++.exe CPP = g++.exe
CC = gcc.exe CC = gcc.exe
WINDRES = windres.exe WINDRES = windres.exe
OBJ = ../main.o ../interface/curses.o ../net/sockets.o ../game.o ../player.o ../wall.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../tiles/curses_tiles.o ../message.o ../inventory.o OBJ = ../main.o ../interface/sdl.o ../net/sockets.o ../game.o ../player.o ../wall.o ../tiles/tiles.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../message.o ../inventory.o
LINKOBJ = ../main.o ../interface/curses.o ../net/sockets.o ../game.o ../player.o ../wall.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../tiles/curses_tiles.o ../message.o ../inventory.o LINKOBJ = ../main.o ../interface/sdl.o ../net/sockets.o ../game.o ../player.o ../wall.o ../tiles/tiles.o ../console.o ../context.o ../helper.o ../map.o ../npc.o ../tile.o ../message.o ../inventory.o
LIBS = -L"C:/Program Files (x86)/Dev-Cpp/MinGW32/lib" -static-libstdc++ -static-libgcc ../../PDCurses/pdcurses.lib ../../../Windows/System32/ws2_32.dll -g3 LIBS = -L"C:/Program Files (x86)/Dev-Cpp/MinGW32/lib" -static-libstdc++ -static-libgcc -L"../../SDL-1.2.15/lib" -mwindows -lsdl -lSDL_image -lSDLmain -lws2_32 C:/Windows/System32/ws2_32.dll -g3
INCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../PDCurses" INCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../SDL-1.2.15/include"
CXXINCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../PDCurses" CXXINCS = -I"C:/Program Files (x86)/Dev-Cpp/MinGW32/include" -I"../../SDL-1.2.15/include"
BIN = timesynk-pdcurses.exe BIN = timesynk-sdl.exe
CXXFLAGS = $(CXXINCS) -g3 CXXFLAGS = $(CXXINCS) -g3
CFLAGS = $(INCS) -g3 CFLAGS = $(INCS) -g3
RM = rm -f RM = rm -f
@ -28,8 +28,8 @@ $(BIN): $(OBJ)
../main.o: ../main.c ../main.o: ../main.c
$(CC) -c ../main.c -o ../main.o $(CFLAGS) $(CC) -c ../main.c -o ../main.o $(CFLAGS)
../interface/curses.o: ../interface/curses.c ../interface/sdl.o: ../interface/sdl.c
$(CC) -c ../interface/curses.c -o ../interface/curses.o $(CFLAGS) $(CC) -c ../interface/sdl.c -o ../interface/sdl.o $(CFLAGS)
../net/sockets.o: ../net/sockets.c ../net/sockets.o: ../net/sockets.c
$(CC) -c ../net/sockets.c -o ../net/sockets.o $(CFLAGS) $(CC) -c ../net/sockets.c -o ../net/sockets.o $(CFLAGS)
@ -43,6 +43,9 @@ $(BIN): $(OBJ)
../wall.o: ../wall.c ../wall.o: ../wall.c
$(CC) -c ../wall.c -o ../wall.o $(CFLAGS) $(CC) -c ../wall.c -o ../wall.o $(CFLAGS)
../tiles/tiles.o: ../tiles/tiles.c
$(CC) -c ../tiles/tiles.c -o ../tiles/tiles.o $(CFLAGS)
../console.o: ../console.c ../console.o: ../console.c
$(CC) -c ../console.c -o ../console.o $(CFLAGS) $(CC) -c ../console.c -o ../console.o $(CFLAGS)
@ -61,9 +64,6 @@ $(BIN): $(OBJ)
../tile.o: ../tile.c ../tile.o: ../tile.c
$(CC) -c ../tile.c -o ../tile.o $(CFLAGS) $(CC) -c ../tile.c -o ../tile.o $(CFLAGS)
../tiles/curses_tiles.o: ../tiles/curses_tiles.c
$(CC) -c ../tiles/curses_tiles.c -o ../tiles/curses_tiles.o $(CFLAGS)
../message.o: ../message.c ../message.o: ../message.c
$(CC) -c ../message.c -o ../message.o $(CFLAGS) $(CC) -c ../message.c -o ../message.o $(CFLAGS)

View File

@ -6,7 +6,7 @@ LeftChar=1
Open=0 Open=0
Top=0 Top=0
[Editors] [Editors]
Order= Order=-1
Focused=-1 Focused=-1
[Editor_1] [Editor_1]
Open=0 Open=0
@ -30,11 +30,11 @@ CursorRow=21
TopLine=1 TopLine=1
LeftChar=1 LeftChar=1
[Editor_4] [Editor_4]
Open=0 Open=1
Top=0 Top=1
CursorCol=1 CursorCol=60
CursorRow=33 CursorRow=643
TopLine=1 TopLine=616
LeftChar=1 LeftChar=1
[Editor_5] [Editor_5]
Open=0 Open=0

View File

@ -606,8 +606,8 @@ Uint32 combinepixels(Uint32 pixel_1, Uint32 pixel_2) {
#endif #endif
} }
Uint32 getpixel(SDL_Surface *surface, int x, int y) Uint32 getpixel(SDL_Surface *surface, int x, int y) {
{ if (y >= 0 && x >= 0 && x <= surface->w && y <= surface->h) {
int bpp = surface->format->BytesPerPixel; int bpp = surface->format->BytesPerPixel;
/* Here p is the address to the pixel we want to retrieve */ /* Here p is the address to the pixel we want to retrieve */
Uint8 *p = (Uint8 *)surface->pixels + y * surface->pitch + x * bpp; Uint8 *p = (Uint8 *)surface->pixels + y * surface->pitch + x * bpp;
@ -635,10 +635,12 @@ Uint32 getpixel(SDL_Surface *surface, int x, int y)
default: default:
return 0; /* shouldn't happen, but avoids warnings */ return 0; /* shouldn't happen, but avoids warnings */
} }
}
return 0;
} }
void putpixel(SDL_Surface *surface, int x, int y, Uint32 pixel) void putpixel(SDL_Surface *surface, int x, int y, Uint32 pixel) {
{ if (y >= 0 && x >= 0 && x <= surface->w && y <= surface->h) {
int bpp = surface->format->BytesPerPixel; int bpp = surface->format->BytesPerPixel;
/* Here p is the address to the pixel we want to set */ /* Here p is the address to the pixel we want to set */
Uint8 *p = (Uint8 *)surface->pixels + y * surface->pitch + x * bpp; Uint8 *p = (Uint8 *)surface->pixels + y * surface->pitch + x * bpp;
@ -668,6 +670,7 @@ void putpixel(SDL_Surface *surface, int x, int y, Uint32 pixel)
*(Uint32 *)p = pixel; *(Uint32 *)p = pixel;
break; break;
} }
}
} }
/*SDL_Surface *interfaceScaleSurface(SDL_Surface *Surface, Uint16 Width, Uint16 Height) { /*SDL_Surface *interfaceScaleSurface(SDL_Surface *Surface, Uint16 Width, Uint16 Height) {