[Scummvm-cvs-logs] CVS: residual blocky16.cpp,1.13,1.14
Joost Peters
joostp at users.sourceforge.net
Wed Apr 28 15:21:07 CEST 2004
- Previous message: [Scummvm-cvs-logs] CVS: residual smush.cpp,1.41,1.42 smush.h,1.21,1.22
- Next message: [Scummvm-cvs-logs] CVS: scummvm/saga sndres.cpp,1.2,1.3 sndres.h,1.2,1.3 syssound.cpp,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvsroot/scummvm/residual
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv763
Modified Files:
blocky16.cpp
Log Message:
stricter check for out-of-bounds read in smush (thanks wjp)
hopefully this will entice someone to fix it.
Index: blocky16.cpp
===================================================================
RCS file: /cvsroot/scummvm/residual/blocky16.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- blocky16.cpp 27 Apr 2004 23:27:53 -0000 1.13
+++ blocky16.cpp 28 Apr 2004 22:20:30 -0000 1.14
@@ -381,8 +381,7 @@
}
tmp2 += _offset1;
for (i = 0; i < 4; i++) {
- if ((tmp2 + (d_dst - _deltaBuf) > _deltaSize))
- error("Reading %d bytes out-of-bounds in Blocky16::level2()", (tmp2 + (d_dst - _deltaBuf)) - _deltaSize);
+ assert(d_dst + tmp2 < _deltaBufs[1] + _frameSize && d_dst + tmp2 >= _deltaBufs[1]);
*(uint32 *)(d_dst + 0) = *(uint32 *)(d_dst + tmp2 + 0);
*(uint32 *)(d_dst + 4) = *(uint32 *)(d_dst + tmp2 + 4);
d_dst += _d_pitch;
- Previous message: [Scummvm-cvs-logs] CVS: residual smush.cpp,1.41,1.42 smush.h,1.21,1.22
- Next message: [Scummvm-cvs-logs] CVS: scummvm/saga sndres.cpp,1.2,1.3 sndres.h,1.2,1.3 syssound.cpp,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Scummvm-git-logs
mailing list