edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-11-10 01:58:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix integer overflow when computing tilemap size

Browse source 
Cherry-picked from d25869626a
This commit is contained in:
Dennis Felsing 2024-07-04 12:31:16 +02:00
parent 610381d29e
commit 429777236b
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/engine/shared/map.cpp
View file

@ -106,8 +106,17 @@ bool CMap::Load(const char *pMapName)
CMapItemLayerTilemap *pTilemap = reinterpret_cast<CMapItemLayerTilemap *>(pLayer);
if(pTilemap->m_Version >= CMapItemLayerTilemap::TILE_SKIP_MIN_VERSION)
{
const size_t TilemapSize = (size_t)pTilemap->m_Width * pTilemap->m_Height * sizeof(CTile);
const size_t TilemapCount = (size_t)pTilemap->m_Width * pTilemap->m_Height;
const size_t TilemapSize = TilemapCount * sizeof(CTile);
if(((int)TilemapCount / pTilemap->m_Width != pTilemap->m_Height) || (TilemapSize / sizeof(CTile) != TilemapCount))
{
log_error("map/load", "map layer too big (%d * %d * %d causes an integer overflow)", pTilemap->m_Width, pTilemap->m_Height, sizeof(CTile));
return false;
}
CTile *pTiles = static_cast<CTile *>(malloc(TilemapSize));
if(!pTiles)
return false;
ExtractTiles(pTiles, (size_t)pTilemap->m_Width * pTilemap->m_Height, static_cast<CTile *>(NewDataFile.GetData(pTilemap->m_Data)), NewDataFile.GetDataSize(pTilemap->m_Data) / sizeof(CTile));
NewDataFile.ReplaceData(pTilemap->m_Data, reinterpret_cast<char *>(pTiles), TilemapSize);
}