edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-11-19 06:28:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix integer overflow when computing tilemap size. Fixes #2071

Browse source
This commit is contained in:
Jordy Ruiz 2019-03-26 16:58:29 +01:00
parent 3f298629c3
commit d25869626a
1 changed files with 13 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/engine/shared/map.cpp
View file

@ -55,14 +55,24 @@ public:
if(pTilemap->m_Version > 3) if(pTilemap->m_Version > 3)
{ {
CTile *pTiles = static_cast<CTile *>(mem_alloc(pTilemap->m_Width * pTilemap->m_Height * sizeof(CTile), 1)); const int TilemapCount = pTilemap->m_Width * pTilemap->m_Height;
const int TilemapSize = TilemapCount * sizeof(CTile);
if((TilemapCount / pTilemap->m_Width != pTilemap->m_Height) || (TilemapSize / sizeof(CTile) != TilemapCount))
{
dbg_msg("engine", "map layer too big (%d * %d * %d causes an integer overflow)", pTilemap->m_Width, pTilemap->m_Height, sizeof(CTile));
return false;
}
CTile *pTiles = static_cast<CTile *>(mem_alloc(TilemapSize, 1));
if(!pTiles)
return false;
// extract original tile data // extract original tile data
int i = 0; int i = 0;
CTile *pSavedTiles = static_cast<CTile *>(m_DataFile.GetData(pTilemap->m_Data)); CTile *pSavedTiles = static_cast<CTile *>(m_DataFile.GetData(pTilemap->m_Data));
while(i < pTilemap->m_Width * pTilemap->m_Height) while(i < TilemapCount)
{ {
for(unsigned Counter = 0; Counter <= pSavedTiles->m_Skip && i < pTilemap->m_Width * pTilemap->m_Height; Counter++) for(unsigned Counter = 0; Counter <= pSavedTiles->m_Skip && i < TilemapCount; Counter++)
{ {
pTiles[i] = *pSavedTiles; pTiles[i] = *pSavedTiles;
pTiles[i++].m_Skip = 0; pTiles[i++].m_Skip = 0;