From b9b25e93af5394ca49ce927b156a50b97473671e Mon Sep 17 00:00:00 2001 From: toxieainc Date: Fri, 19 Sep 2025 13:07:13 +0200 Subject: [PATCH 1/2] fix some potential out-of bounds access (and one-pixel x-axis wrapping) --- engine/openbor.c | 2 +- engine/openborscript.c | 4 ++-- engine/source/gamelib/draw.c | 4 ++-- engine/source/gamelib/draw16.c | 4 +--- engine/source/gamelib/draw32.c | 4 +--- 5 files changed, 7 insertions(+), 11 deletions(-) diff --git a/engine/openbor.c b/engine/openbor.c index 9675f9347..f5ee775d1 100644 --- a/engine/openbor.c +++ b/engine/openbor.c @@ -44341,7 +44341,7 @@ void spawnplayer(int index) //////////////////checking holes/ walls/////////////////////////////////// for(xc = 0; xc < videomodes.hRes / 4; xc++) { - if(p.position.x > videomodes.hRes) + if(p.position.x >= videomodes.hRes) { p.position.x -= videomodes.hRes; } diff --git a/engine/openborscript.c b/engine/openborscript.c index c39d17c2b..8a833e1a1 100644 --- a/engine/openborscript.c +++ b/engine/openborscript.c @@ -16156,7 +16156,7 @@ HRESULT openbor_getgfxproperty(ScriptVariant **varlist , ScriptVariant **pretvar { case bitmap_magic: //As long as the two structures are identical... case screen_magic: - if(x < 0 || x >= screen->width || y < 0 || y >= screen->height) + if((unsigned)x >= (unsigned)screen->width || (unsigned)y >= (unsigned)screen->height) // includes checks for <0 { v = 0; } @@ -16180,7 +16180,7 @@ HRESULT openbor_getgfxproperty(ScriptVariant **varlist , ScriptVariant **pretvar } break; case sprite_magic: - if(x < 0 || x >= sprite->width || y < 0 || y >= sprite->height) + if((unsigned)x >= (unsigned)sprite->width || (unsigned)y >= (unsigned)sprite->height) // includes checks for <0 { v = 0; } diff --git a/engine/source/gamelib/draw.c b/engine/source/gamelib/draw.c index 9e92e0679..787273174 100644 --- a/engine/source/gamelib/draw.c +++ b/engine/source/gamelib/draw.c @@ -266,11 +266,11 @@ void drawbox(int x, int y, int width, int height, int colour, s_screen *screen, // Putpixel used by circle function -void _putpixel(int x, int y, int colour, s_screen *screen, int alpha) +static void _putpixel(int x, int y, int colour, s_screen *screen, int alpha) { int pixind; unsigned char *lut; - if((unsigned)x > screen->width || (unsigned)y > screen->height) + if((unsigned)x >= (unsigned)screen->width || (unsigned)y >= (unsigned)screen->height) { return; } diff --git a/engine/source/gamelib/draw16.c b/engine/source/gamelib/draw16.c index 85e9c9833..539f9e11b 100644 --- a/engine/source/gamelib/draw16.c +++ b/engine/source/gamelib/draw16.c @@ -274,7 +274,7 @@ void _putpixel16(unsigned x, unsigned y, unsigned short colour, s_screen *screen int pixind; unsigned short *data ; unsigned short(*blendfp)(unsigned short, unsigned short); - if(x > screen->width || y > screen->height) + if(x >= (unsigned)screen->width || y >= (unsigned)screen->height) { return; } @@ -283,5 +283,3 @@ void _putpixel16(unsigned x, unsigned y, unsigned short colour, s_screen *screen blendfp = getblendfunction16(alpha); __putpixel16(data); } - - diff --git a/engine/source/gamelib/draw32.c b/engine/source/gamelib/draw32.c index 1f729d426..9eae66f1f 100644 --- a/engine/source/gamelib/draw32.c +++ b/engine/source/gamelib/draw32.c @@ -277,7 +277,7 @@ void _putpixel32(unsigned x, unsigned y, unsigned colour, s_screen *screen, int int pixind; unsigned *data ; unsigned(*blendfp)(unsigned, unsigned); - if(x > screen->width || y > screen->height) + if(x >= (unsigned)screen->width || y >= (unsigned)screen->height) { return; } @@ -287,5 +287,3 @@ void _putpixel32(unsigned x, unsigned y, unsigned colour, s_screen *screen, int blendfp = getblendfunction32(alpha); __putpixel32(data); } - - From dfcbb124fd710b0fab5a190fadaaa27416dfe5b6 Mon Sep 17 00:00:00 2001 From: toxieainc Date: Fri, 19 Sep 2025 13:15:09 +0200 Subject: [PATCH 2/2] d'oh --- engine/source/gamelib/draw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/source/gamelib/draw.c b/engine/source/gamelib/draw.c index 787273174..4fd429dfa 100644 --- a/engine/source/gamelib/draw.c +++ b/engine/source/gamelib/draw.c @@ -266,7 +266,7 @@ void drawbox(int x, int y, int width, int height, int colour, s_screen *screen, // Putpixel used by circle function -static void _putpixel(int x, int y, int colour, s_screen *screen, int alpha) +void _putpixel(int x, int y, int colour, s_screen *screen, int alpha) { int pixind; unsigned char *lut;