changeset 4542:af1d018ebbe6

Better fix for bug 936: check for overruns before they happen instead of afterwards.
author Sam Lantinga <slouken@libsdl.org>
date Sun, 18 Jul 2010 10:26:46 -0700
parents cd344ebc14e9
children b135d19f9764 436183eb30c8
files src/video/SDL_stretch.c
diffstat 1 files changed, 8 insertions(+), 6 deletions(-) [+]
--- a/src/video/SDL_stretch.c	Sun Jul 18 08:12:28 2010 -0700
+++ b/src/video/SDL_stretch.c	Sun Jul 18 10:26:46 2010 -0700
@@ -80,7 +80,7 @@
 
     int i;
     int pos, inc;
-    unsigned char *eip;
+    unsigned char *eip, *fence;
     unsigned char load, store;
 
     /* See if we need to regenerate the copy buffer */
@@ -116,14 +116,21 @@
     pos = 0x10000;
     inc = (src_w << 16) / dst_w;
     eip = copy_row;
+    fence = copy_row + sizeof(copy_row)-2;
     for (i = 0; i < dst_w; ++i) {
         while (pos >= 0x10000L) {
+            if (eip == fence) {
+                return -1;
+            }
             if (bpp == 2) {
                 *eip++ = PREFIX16;
             }
             *eip++ = load;
             pos -= 0x10000L;
         }
+        if (eip == fence) {
+            return -1;
+        }
         if (bpp == 2) {
             *eip++ = PREFIX16;
         }
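Review bot: Both new guards test `if (eip == fence)`, which stops the writer only if `eip` lands exactly on `fence`. In the `bpp == 2` path each emit appears to be two bytes (`PREFIX16` plus the opcode), so the test depends on `sizeof(copy_row)` being even, which this hunk does not show; `if (eip >= fence)` holds for any stride at no cost. The new `return -1;` paths also drop the `SDL_SetError("Copy buffer overflow");` call that the removed post-check made, so callers lose the diagnostic unless it is added before each return. If the parameters tested under "See if we need to regenerate the copy buffer" are cached before this loop (not visible here), an early return leaves a partial row with no `RETURN` opcode that a later call with the same arguments could accept as valid, so the cache should be invalidated on this path; worth confirming. The enclosing function starts and ends outside the hunk.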
@@ -132,11 +139,6 @@
     }
     *eip++ = RETURN;
 
-    /* Verify that we didn't overflow (too late!!!) */
-    if (eip > (copy_row + sizeof(copy_row))) {
-        SDL_SetError("Copy buffer overflow");
-        return (-1);
-    }
 #ifdef HAVE_MPROTECT
     /* Make the code executable but not writeable */
     if (mprotect(copy_row, sizeof(copy_row), PROT_READ | PROT_EXEC) < 0) {