pandory500/SDL-mirror
2
0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Better fix for bug 936

Browse source 
Check to for overruns before they happen instead of afterwards.
This commit is contained in:
Sam Lantinga 2010-07-18 10:26:46 -07:00
parent ce200fdf85
commit bbf7027004
1 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/video/SDL_stretch.c
View file

@ -80,7 +80,7 @@ generate_rowbytes(int src_w, int dst_w, int bpp)
int i; int i;
int pos, inc; int pos, inc;
unsigned char *eip; unsigned char *eip, *fence;
unsigned char load, store; unsigned char load, store;
/* See if we need to regenerate the copy buffer */ /* See if we need to regenerate the copy buffer */
@ -116,14 +116,21 @@ generate_rowbytes(int src_w, int dst_w, int bpp)
pos = 0x10000; pos = 0x10000;
inc = (src_w << 16) / dst_w; inc = (src_w << 16) / dst_w;
eip = copy_row; eip = copy_row;
fence = copy_row + sizeof(copy_row)-2;
for (i = 0; i < dst_w; ++i) { for (i = 0; i < dst_w; ++i) {
while (pos >= 0x10000L) { while (pos >= 0x10000L) {
if (eip == fence) {
return -1;
}
if (bpp == 2) { if (bpp == 2) {
*eip++ = PREFIX16; *eip++ = PREFIX16;
} }
*eip++ = load; *eip++ = load;
pos -= 0x10000L; pos -= 0x10000L;
} }
if (eip == fence) {
return -1;
}
if (bpp == 2) { if (bpp == 2) {
*eip++ = PREFIX16; *eip++ = PREFIX16;
} }
@ -132,11 +139,6 @@ generate_rowbytes(int src_w, int dst_w, int bpp)
} }
*eip++ = RETURN; *eip++ = RETURN;
/* Verify that we didn't overflow (too late!!!) */
if (eip > (copy_row + sizeof(copy_row))) {
SDL_SetError("Copy buffer overflow");
return (-1);
}
#ifdef HAVE_MPROTECT #ifdef HAVE_MPROTECT
/* Make the code executable but not writeable */ /* Make the code executable but not writeable */
if (mprotect(copy_row, sizeof(copy_row), PROT_READ | PROT_EXEC) < 0) { if (mprotect(copy_row, sizeof(copy_row), PROT_READ | PROT_EXEC) < 0) {