[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-ports
Subject: games/fire over-/under-flow fix
From: Ray Lai <ray () cyth ! net>
Date: 2006-08-25 4:54:13
Message-ID: 20060825045436.GY31505 () cybertron ! cyth ! net
[Download RAW message or body]
There is an overflow/underflow issue with games/fire. It reads one byte
before and one byte after the allocated buffer. This patch skips those
two bytes and prevents a segfault.
I don't know the algorithm very well, but it just seems to add up the
surrounding pixels' values. For the two that can overflow/underflow,
I took the nearest pixel and used that value. Just leaving it out
seems to mess it up.
Another solution is to change the inside loop to be:
for(x=1;x<XSIZE - 1;x++)
This may be a better solution because the allocated space is a two
dimensional block of pixels, and it is currently wrapping around the
x-axis when reading the very edge.
Anyway, either one will prevent the segfault.
Okay?
-Ray-
Index: Makefile
===================================================================
RCS file: /cvs/ports/games/fire/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- Makefile 28 Nov 2004 22:41:17 -0000 1.7
+++ Makefile 24 Aug 2006 06:40:34 -0000
@@ -3,6 +3,7 @@
COMMENT= "organic fireworks demo"
DISTNAME= fire-1.0
+PKGNAME= ${DISTNAME}p0
CATEGORIES= games
HOMEPAGE= http://www.libsdl.org/projects/fire/
Index: patches/patch-fire_c
===================================================================
RCS file: patches/patch-fire_c
diff -N patches/patch-fire_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-fire_c 24 Aug 2006 06:40:34 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- fire.c.orig Tue Dec 21 00:19:06 1999
++++ fire.c Thu Aug 24 02:37:08 2006
+@@ -107,6 +107,8 @@ unsigned char *p3, *p4;
+ {
+ for(x=0;x<XSIZE;x++)
+ {
++ if ((x == 0 && y == 2) || (x == XSIZE - 1 && y == YSIZE - 1))
++ continue;
+ p3 = p1+y*XSIZE+x;
+ p4 = p2+y*pitch+x;
+ *p4=map[*p3+p3[-XSIZE]+p3[-XSIZE-1]+p3[-XSIZE+1]+p3[-1]+p3[1]+p3[-XSIZE-XSIZE-1]+p3[-XSIZE-XSIZE]+p3[-XSIZE-XSIZE+1]];
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic