Mercurial > hg > dmlib
changeset 2122:59bde9a7220d
Add few out of bounds checks.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 27 May 2019 05:59:57 +0300 |
parents | f12ac487954b |
children | 47ddbedf5b56 |
files | tools/lib64gfx.c |
diffstat | 1 files changed, 28 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/tools/lib64gfx.c Mon May 27 00:04:02 2019 +0300 +++ b/tools/lib64gfx.c Mon May 27 05:59:57 2019 +0300 @@ -1317,8 +1317,16 @@ const int scroffs = scroffsy + x; const int xshift = 7 - (xc & 7); const int chr = src->screen[0].data[scroffs]; + const size_t chrOffs = (chr * C64_CHR_SIZE) + yb; - if ((src->charData[0].data[chr * C64_CHR_SIZE + yb] >> xshift) & 1) + if (chrOffs >= src->charData[0].size) + { + return dmError(DMERR_INVALID_DATA, + "Character map index #%d out of bounds for char ROM data.\n", + chr); + } + + if ((src->charData[0].data[chrOffs] >> xshift) & 1) *dp++ = src->color[0].data[scroffs]; else *dp++ = src->bgcolor; @@ -1331,8 +1339,16 @@ const int scroffs = scroffsy + x; const int xshift = 7 - (xc & 7); const int chr = src->screen[0].data[scroffs]; + const size_t chrOffs = ((chr & 0x3f) * C64_CHR_SIZE) + yb; - if ((src->charData[0].data[(chr & 0x3f) * C64_CHR_SIZE + yb] >> xshift) & 1) + if (chrOffs >= src->charData[0].size) + { + return dmError(DMERR_INVALID_DATA, + "Character map index #%d out of bounds for char ROM data.\n", + chr); + } + + if ((src->charData[0].data[chrOffs] >> xshift) & 1) *dp++ = src->color[0].data[scroffs] & 15; else switch ((chr >> 6) & 3) @@ -1351,11 +1367,19 @@ const int scroffs = scroffsy + x; const int chr = src->screen[0].data[scroffs]; const int col = src->color[0].data[scroffs]; + const size_t chrOffs = (chr * C64_CHR_SIZE) + yb; + + if (chrOffs >= src->charData[0].size) + { + return dmError(DMERR_INVALID_DATA, + "Character map index #%d out of bounds for char ROM data.\n", + chr); + } if (col & 8) { const int xshift = 6 - ((xc * 2) & 6); - switch ((src->charData[0].data[chr * C64_CHR_SIZE + yb] >> xshift) & 3) + switch ((src->charData[0].data[chrOffs] >> xshift) & 3) { case 0: *dp++ = src->bgcolor; break; case 1: *dp++ = src->d022; break; @@ -1366,7 +1390,7 @@ else { const int xshift = 7 - (xc & 7); - if ((src->charData[0].data[chr * C64_CHR_SIZE + yb] >> xshift) & 1) + if ((src->charData[0].data[chrOffs] >> xshift) & 1) *dp++ = col & 7; else *dp++ = src->bgcolor;