dave/openttd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(svn r22878) -Fix (r22873-ish): Check range before casting to uint16.

Browse Source
This commit is contained in:
frosch
2011-09-03 10:52:43 +00:00
parent 82a5e4e35e
commit 64ac0cd696
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/spriteloader/png.cpp
View File

@@ -106,13 +106,15 @@ static bool LoadPNG(SpriteLoader::Sprite *sprite, const char *filename, uint32 i
if (strcmp("y_offs", text_ptr[i].key) == 0) sprite->y_offs = strtol(text_ptr[i].text, NULL, 0); if (strcmp("y_offs", text_ptr[i].key) == 0) sprite->y_offs = strtol(text_ptr[i].text, NULL, 0);
} }
sprite->height = png_get_image_height(png_ptr, info_ptr); uint height = png_get_image_height(png_ptr, info_ptr);
sprite->width = png_get_image_width(png_ptr, info_ptr); uint width = png_get_image_width(png_ptr, info_ptr);
/* Check if sprite dimensions aren't larger than what is allowed in GRF-files. */ /* Check if sprite dimensions aren't larger than what is allowed in GRF-files. */
if (sprite->height > UINT8_MAX || sprite->width > UINT16_MAX) { if (height > UINT8_MAX || width > UINT16_MAX) {
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info); png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return false; return false;
} }
sprite->height = height;
sprite->width = width;
sprite->AllocateData(sprite->width * sprite->height); sprite->AllocateData(sprite->width * sprite->height);
} else if (sprite->height != png_get_image_height(png_ptr, info_ptr) || sprite->width != png_get_image_width(png_ptr, info_ptr)) { } else if (sprite->height != png_get_image_height(png_ptr, info_ptr) || sprite->width != png_get_image_width(png_ptr, info_ptr)) {
/* Make sure the mask image isn't larger than the sprite image. */ /* Make sure the mask image isn't larger than the sprite image. */