comparison tools/lib64gfx.c @ 1519:19b5013ff190

Fix c64 bitmap encoding / decoding bounds checks.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 11 May 2018 23:11:38 +0300
parents 24b8b452925e
children 2801c76088b5
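--- a/tools/lib64gfx.c
+++ b/tools/lib64gfx.c
@@ -504,11 +504,11 @@
 case DT_CHAR_DATA:
 *size = C64_MAX_CHARS * C64_CHR_SIZE;
 break;
 
 case DT_COLOR_REG:
-*size = 0;
+*size = 1;
 break;
 
 default:
 *size = 0;
 }
@@ -556,11 +556,11 @@
 "bank=%d, size=%d ($%04x) vs. allocated %d ($%04x)\n",
 i, op->type, op->offs, op->offs, op->bank, size, size, op->size, op->size);
 }
 
 // Do we need to reallocate some more space?
-if (op->offs + size > len)
+if (op->offs + size > len + 1)
 {
 return dmError(DMERR_INVALID_DATA,
 "Decode out of bounds, op #%d type=%d, offs=%d ($%04x), "
 "bank=%d, size=%d ($%04x) @ %d ($%04x)\n",
 i, op->type, op->offs, op->offs, op->bank, size, size, len, len);
@@ -715,11 +715,11 @@
 i, op->type, op->offs, op->offs, op->bank, size, size, op->size, op->size);
 goto err;
 }
 
 // Do we need to reallocate some more space?
-chksize = op->offs + size + boffs;
+chksize = op->offs + size + boffs - 1;
 if (!dmGrowBufCheckGrow(buf, chksize))
 {
 res = dmError(DMERR_MALLOC,
 "Could not re-allocate %d bytes of memory for C64 image encoding buffer.\n",
 chksize);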
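Review bot: The relaxed decode check `if (op->offs + size > len + 1)` now accepts `op->offs + size == len + 1`, so if `len` is the number of valid bytes in the input buffer, an op ending there reads one byte past it, on a path that parses image file data which may be untrusted. If the extra byte compensates for an offset convention, that should be corrected where the offset is computed or documented beside the check, for example `// len excludes <what>, hence the + 1`; otherwise the check should stay `> len`. The same question applies on the encode side, where `chksize = op->offs + size + boffs - 1;` asks dmGrowBufCheckGrow for one byte less than the end of the write, which is only safe if that function takes a last index rather than a size. The values are printed with `%d`, so they are presumably `int`, and rejecting a negative `op->offs` or `size` before the addition would also be worth adding. Both enclosing functions start and end outside the visible hunks, so the actual read and write extents could not be checked here.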