From d2cd74223e2ce5c538f306063291129a2bf24db6 Mon Sep 17 00:00:00 2001 From: Jonathan G Rennison Date: Sun, 22 Nov 2015 23:30:09 +0000 Subject: [PATCH 1/2] Fix another out of bound buffer read in viewport map mode. Drawing of non-company tunnels/bridges. Caught by AddressSanitizer. --- src/viewport.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/viewport.cpp b/src/viewport.cpp index ee4b1ae3d9..ec8d40cafb 100644 --- a/src/viewport.cpp +++ b/src/viewport.cpp @@ -2297,7 +2297,7 @@ static void ViewportMapDrawBridgeTunnel(const ViewPort * const vp, const TunnelB TileIndex tile = tbtm->from_tile; const Owner o = GetTileOwner(tile); - if (!_legend_land_owners[_company_to_list_pos[o]].show_on_map) return; + if (o < MAX_COMPANIES && !_legend_land_owners[_company_to_list_pos[o]].show_on_map) return; uint8 colour; if (vp->map_type == VPMT_OWNER && _settings_client.gui.use_owner_colour_for_tunnelbridge && o < MAX_COMPANIES) { From 52d3f075ea5d5bdac0e874a7d9de8eec074bd9bd Mon Sep 17 00:00:00 2001 From: Jonathan G Rennison Date: Sun, 22 Nov 2015 23:31:51 +0000 Subject: [PATCH 2/2] Fix over shift left undefined behaviour. The maximum zoom level is now >= 8, so shifting a uint8 by a zoom level results in undefined behaviour. --- src/spritecache.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/spritecache.cpp b/src/spritecache.cpp index e9ab6b7538..6fd7e6e8c8 100644 --- a/src/spritecache.cpp +++ b/src/spritecache.cpp @@ -269,7 +269,7 @@ static bool PadSingleSprite(SpriteLoader::Sprite *sprite, ZoomLevel zoom, uint p return true; } -static bool PadSprites(SpriteLoader::Sprite *sprite, uint8 sprite_avail) +static bool PadSprites(SpriteLoader::Sprite *sprite, unsigned int sprite_avail) { /* Get minimum top left corner coordinates. */ int min_xoffs = INT32_MAX; @@ -310,7 +310,7 @@ static bool PadSprites(SpriteLoader::Sprite *sprite, uint8 sprite_avail) return true; } -static bool ResizeSprites(SpriteLoader::Sprite *sprite, uint8 sprite_avail, uint32 file_slot, uint32 file_pos) +static bool ResizeSprites(SpriteLoader::Sprite *sprite, unsigned int sprite_avail, uint32 file_slot, uint32 file_pos) { /* Create a fully zoomed image if it does not exist */ ZoomLevel first_avail = static_cast(FIND_FIRST_BIT(sprite_avail));