[Scummvm-git-logs] scummvm master -> 2b5605362abeb351132d7bf58d18790a8c6fabfe
csnover
csnover at users.noreply.github.com
Sat Dec 2 02:24:42 CET 2017
This automated email contains information about 7 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
9a36870e78 SCUMM HE: Fix UB shifting negative integers
02614f2f1a COMMON: Fix UB shifting negative integers
1871c7dfea AUDIO: Fix UB shift of negative integer in AdLib driver
57084b4a1b SCUMM: Fix UB shifting negative integers in Actor
5cd2c9a387 SCUMM: Fix possible return of garbage values
c7989bb333 SCUMM: Fix buffer overflow reading default v70HE cursor
2b5605362a SCUMM: Fix signed integer overflow reading default v70HE cursor
Commit: 9a36870e78cd678842384d1beadc74115d9c232d
https://github.com/scummvm/scummvm/commit/9a36870e78cd678842384d1beadc74115d9c232d
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:22:19-06:00
Commit Message:
SCUMM HE: Fix UB shifting negative integers
Changed paths:
engines/scumm/he/wiz_he.cpp
diff --git a/engines/scumm/he/wiz_he.cpp b/engines/scumm/he/wiz_he.cpp
index 9339318..2db5702 100644
--- a/engines/scumm/he/wiz_he.cpp
+++ b/engines/scumm/he/wiz_he.cpp
@@ -1865,21 +1865,21 @@ struct PolygonDrawData {
}
void transform(const Common::Point *tp1, const Common::Point *tp2, const Common::Point *sp1, const Common::Point *sp2) {
- int32 tx_acc = tp1->x << 16;
- int32 sx_acc = sp1->x << 16;
- int32 sy_acc = sp1->y << 16;
+ int32 tx_acc = tp1->x * (1 << 16);
+ int32 sx_acc = sp1->x * (1 << 16);
+ int32 sy_acc = sp1->y * (1 << 16);
uint16 dy = ABS(tp2->y - tp1->y) + 1;
- int32 tx_step = ((tp2->x - tp1->x) << 16) / dy;
- int32 sx_step = ((sp2->x - sp1->x) << 16) / dy;
- int32 sy_step = ((sp2->y - sp1->y) << 16) / dy;
+ int32 tx_step = ((tp2->x - tp1->x) * (1 << 16)) / dy;
+ int32 sx_step = ((sp2->x - sp1->x) * (1 << 16)) / dy;
+ int32 sy_step = ((sp2->y - sp1->y) * (1 << 16)) / dy;
int y = tp1->y - mat[0].y;
while (dy--) {
assert(y >= 0 && y < pAreasNum);
PolygonArea *ppa = &pa[y];
- int32 ttx = tx_acc >> 16;
- int32 tsx = sx_acc >> 16;
- int32 tsy = sy_acc >> 16;
+ int32 ttx = tx_acc / (1 << 16);
+ int32 tsx = sx_acc / (1 << 16);
+ int32 tsy = sy_acc / (1 << 16);
if (ppa->xmin > ttx) {
ppa->xmin = ttx;
@@ -2143,12 +2143,12 @@ void Wiz::drawWizPolygonImage(uint8 *dst, const uint8 *src, const uint8 *mask, i
int16 w = x2 - x1 + 1;
if (w > 0) {
int16 width = ppa->xmax - ppa->xmin + 1;
- pra->x_step = ((ppa->x2 - ppa->x1) << 16) / width;
- pra->y_step = ((ppa->y2 - ppa->y1) << 16) / width;
+ pra->x_step = ((ppa->x2 - ppa->x1) * (1 << 16)) / width;
+ pra->y_step = ((ppa->y2 - ppa->y1) * (1 << 16)) / width;
pra->dst_offs = yoff + x1 * _vm->_bytesPerPixel;
pra->w = w;
- pra->x_s = ppa->x1 << 16;
- pra->y_s = ppa->y1 << 16;
+ pra->x_s = ppa->x1 * (1 << 16);
+ pra->y_s = ppa->y1 * (1 << 16);
int16 tmp = x1 - ppa->xmin;
if (tmp != 0) {
pra->x_s += pra->x_step * tmp;
@@ -2170,7 +2170,7 @@ void Wiz::drawWizPolygonImage(uint8 *dst, const uint8 *src, const uint8 *mask, i
int32 x_acc = pra->x_s;
int32 y_acc = pra->y_s;
while (--w) {
- int32 src_offs = (y_acc >> 16) * wizW + (x_acc >> 16);
+ int32 src_offs = (y_acc / (1 << 16)) * wizW + (x_acc / (1 << 16));
assert(src_offs < wizW * wizH);
x_acc += pra->x_step;
y_acc += pra->y_step;
Commit: 02614f2f1ac9ee1150f165df34546490612153aa
https://github.com/scummvm/scummvm/commit/02614f2f1ac9ee1150f165df34546490612153aa
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:22:24-06:00
Commit Message:
COMMON: Fix UB shifting negative integers
Compilers optimise these back into shifts on architectures where
shifts of negative integers work the same as mul/div, so this
solves the UB without actually causing any performance issue.
Changed paths:
common/frac.h
diff --git a/common/frac.h b/common/frac.h
index d71d316..4e3bcf2 100644
--- a/common/frac.h
+++ b/common/frac.h
@@ -46,7 +46,7 @@ typedef int32 frac_t;
inline frac_t doubleToFrac(double value) { return (frac_t)(value * FRAC_ONE); }
inline double fracToDouble(frac_t value) { return ((double)value) / FRAC_ONE; }
-inline frac_t intToFrac(int16 value) { return value << FRAC_BITS; }
-inline int16 fracToInt(frac_t value) { return value >> FRAC_BITS; }
+inline frac_t intToFrac(int16 value) { return value * (1 << FRAC_BITS); }
+inline int16 fracToInt(frac_t value) { return value / (1 << FRAC_BITS); }
#endif
Commit: 1871c7dfea6eaebca98ea89be5e25db0d9b86361
https://github.com/scummvm/scummvm/commit/1871c7dfea6eaebca98ea89be5e25db0d9b86361
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:22:31-06:00
Commit Message:
AUDIO: Fix UB shift of negative integer in AdLib driver
Changed paths:
audio/adlib.cpp
diff --git a/audio/adlib.cpp b/audio/adlib.cpp
index 3e3f5c0..fd21eb1 100644
--- a/audio/adlib.cpp
+++ b/audio/adlib.cpp
@@ -1796,7 +1796,7 @@ void MidiDriver_ADLIB::adlibSetParam(int channel, byte param, int value, bool pr
value -= 15;
else
value -= 383;
- value <<= 4;
+ value *= 16;
_channelTable2[channel] = value;
adlibPlayNote(channel, _curNotTable[channel] + value);
return;
Commit: 57084b4a1b23e131be7497c4c97c75db060210c9
https://github.com/scummvm/scummvm/commit/57084b4a1b23e131be7497c4c97c75db060210c9
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:22:35-06:00
Commit Message:
SCUMM: Fix UB shifting negative integers in Actor
Changed paths:
engines/scumm/actor.cpp
diff --git a/engines/scumm/actor.cpp b/engines/scumm/actor.cpp
index e3f93e5..f48f0ba 100644
--- a/engines/scumm/actor.cpp
+++ b/engines/scumm/actor.cpp
@@ -565,13 +565,13 @@ int Actor::actorWalkStep() {
_pos.y -= 1;
}
} else {
- tmpX = (_pos.x << 16) + _walkdata.xfrac + (_walkdata.deltaXFactor >> 8) * _scalex;
+ tmpX = (_pos.x * (1 << 16)) + _walkdata.xfrac + (_walkdata.deltaXFactor / 256) * _scalex;
_walkdata.xfrac = (uint16)tmpX;
- _pos.x = (tmpX >> 16);
+ _pos.x = (tmpX / (1 << 16));
- tmpY = (_pos.y << 16) + _walkdata.yfrac + (_walkdata.deltaYFactor >> 8) * _scaley;
+ tmpY = (_pos.y * (1 << 16)) + _walkdata.yfrac + (_walkdata.deltaYFactor / 256) * _scaley;
_walkdata.yfrac = (uint16)tmpY;
- _pos.y = (tmpY >> 16);
+ _pos.y = (tmpY / (1 << 16));
}
if (ABS(_pos.x - _walkdata.cur.x) > distX) {
Commit: 5cd2c9a387537a7eb006eabed831126c4034c8f8
https://github.com/scummvm/scummvm/commit/5cd2c9a387537a7eb006eabed831126c4034c8f8
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:22:52-06:00
Commit Message:
SCUMM: Fix possible return of garbage values
Changed paths:
engines/scumm/object.cpp
diff --git a/engines/scumm/object.cpp b/engines/scumm/object.cpp
index cbc24a8..f4aea93 100644
--- a/engines/scumm/object.cpp
+++ b/engines/scumm/object.cpp
@@ -1538,7 +1538,8 @@ int ScummEngine::getObjX(int obj) {
if (whereIsObject(obj) == WIO_NOT_FOUND)
return -1;
int x, y;
- getObjectOrActorXY(obj, x, y);
+ if (getObjectOrActorXY(obj, x, y) == -1)
+ return -1;
return x;
}
}
@@ -1553,7 +1554,8 @@ int ScummEngine::getObjY(int obj) {
if (whereIsObject(obj) == WIO_NOT_FOUND)
return -1;
int x, y;
- getObjectOrActorXY(obj, x, y);
+ if (getObjectOrActorXY(obj, x, y) == -1)
+ return -1;
return y;
}
}
Commit: c7989bb333146cb369af117bc84ee9a4a819697f
https://github.com/scummvm/scummvm/commit/c7989bb333146cb369af117bc84ee9a4a819697f
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:22:56-06:00
Commit Message:
SCUMM: Fix buffer overflow reading default v70HE cursor
Changed paths:
engines/scumm/cursor.cpp
diff --git a/engines/scumm/cursor.cpp b/engines/scumm/cursor.cpp
index 6445d25..cdccfd4 100644
--- a/engines/scumm/cursor.cpp
+++ b/engines/scumm/cursor.cpp
@@ -205,7 +205,9 @@ void ScummEngine_v70he::setDefaultCursor() {
}
p <<= 2;
- if ((j + 1) % 8 == 0)
+ if (j == 31)
+ ++src;
+ else if ((j + 1) % 8 == 0)
p = *(++src);
}
}
Commit: 2b5605362abeb351132d7bf58d18790a8c6fabfe
https://github.com/scummvm/scummvm/commit/2b5605362abeb351132d7bf58d18790a8c6fabfe
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-01T19:23:00-06:00
Commit Message:
SCUMM: Fix signed integer overflow reading default v70HE cursor
Changed paths:
engines/scumm/cursor.cpp
diff --git a/engines/scumm/cursor.cpp b/engines/scumm/cursor.cpp
index cdccfd4..ab38fa5 100644
--- a/engines/scumm/cursor.cpp
+++ b/engines/scumm/cursor.cpp
@@ -191,7 +191,7 @@ void ScummEngine_v70he::setDefaultCursor() {
_cursor.height = 32;
for (i = 0; i < 32; i++) {
- int p = *src;
+ uint p = *src;
for (j = 0; j < 32; j++) {
switch ((p & (0x3 << 14)) >> 14) {
case 1:
More information about the Scummvm-git-logs
mailing list