[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-ports
Subject:    games/fire over-/under-flow fix
From:       Ray Lai <ray () cyth ! net>
Date:       2006-08-25 4:54:13
Message-ID: 20060825045436.GY31505 () cybertron ! cyth ! net
[Download RAW message or body]

There is an overflow/underflow issue with games/fire.  It reads one byte
before and one byte after the allocated buffer.  This patch skips those
two bytes and prevents a segfault.

I don't know the algorithm very well, but it just seems to add up the
surrounding pixels' values.  For the two that can overflow/underflow,
I took the nearest pixel and used that value.  Just leaving it out
seems to mess it up.

Another solution is to change the inside loop to be:

	for(x=1;x<XSIZE - 1;x++)

This may be a better solution because the allocated space is a two
dimensional block of pixels, and it is currently wrapping around the
x-axis when reading the very edge.

Anyway, either one will prevent the segfault.

Okay?

-Ray-

Index: Makefile
===================================================================
RCS file: /cvs/ports/games/fire/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- Makefile	28 Nov 2004 22:41:17 -0000	1.7
+++ Makefile	24 Aug 2006 06:40:34 -0000
@@ -3,6 +3,7 @@
 COMMENT=	"organic fireworks demo"
 
 DISTNAME=	fire-1.0
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	games
 
 HOMEPAGE=	http://www.libsdl.org/projects/fire/
Index: patches/patch-fire_c
===================================================================
RCS file: patches/patch-fire_c
diff -N patches/patch-fire_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-fire_c	24 Aug 2006 06:40:34 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- fire.c.orig	Tue Dec 21 00:19:06 1999
++++ fire.c	Thu Aug 24 02:37:08 2006
+@@ -107,6 +107,8 @@ unsigned char *p3, *p4;
+ 	{
+ 		for(x=0;x<XSIZE;x++)
+ 		{
++			if ((x == 0 && y == 2) || (x == XSIZE - 1 && y == YSIZE - 1))
++				continue;
+ 			p3 = p1+y*XSIZE+x;
+ 			p4 = p2+y*pitch+x;
+ 			*p4=map[*p3+p3[-XSIZE]+p3[-XSIZE-1]+p3[-XSIZE+1]+p3[-1]+p3[1]+p3[-XSIZE-XSIZE-1]+p3[-XSIZE-XSIZE]+p3[-XSIZE-XSIZE+1]];



[prev in list] [next in list] [prev in thread] [next in thread]