# HG changeset patch # User Nomad # Date 1364296481 -7200 # Node ID 352c5161fadea2152a219371122ddd5f3432d3e8 # Parent 448e6d979c7a45831d01b9aadbc0cf33349af30c Fixed buffer overrun in MakeScreenshot. diff -r 448e6d979c7a -r 352c5161fade mm7_2.cpp --- a/mm7_2.cpp Tue Mar 26 12:41:41 2013 +0200 +++ b/mm7_2.cpp Tue Mar 26 13:14:41 2013 +0200 @@ -6257,19 +6257,19 @@ //----- (0045E03A) -------------------------------------------------------- unsigned short * MakeScreenshot( signed int width, signed int height ) - { - signed int v2; // edi@1 +{ + //signed int v2; // edi@1 unsigned __int16 *v3; // ebx@1 int v4; // edx@7 unsigned __int8 v5; // cf@9 unsigned int v6; // ecx@9 unsigned __int16 *v7; // edi@9 int j; // ecx@9 - unsigned __int16 *v9; // edi@15 - int v10; // ecx@15 - LONG v11; // esi@15 - signed __int64 v12; // qax@18 - unsigned int v13; // ST10_4@21 + //unsigned __int16 *v9; // edi@15 + //int v10; // ecx@15 + //LONG v11; // esi@15 + //signed __int64 v12; // qax@18 + //unsigned int v13; // ST10_4@21 HRESULT v14; // eax@21 int v15; // edi@29 signed __int64 v16; // qax@30 @@ -6282,77 +6282,73 @@ unsigned __int16 *_this; // [sp+88h] [bp-1Ch]@21 float v25; // [sp+8Ch] [bp-18h]@1 unsigned int v26; // [sp+90h] [bp-14h]@17 - int v27; // [sp+94h] [bp-10h]@1 + //int v27; // [sp+94h] [bp-10h]@1 int v28; // [sp+98h] [bp-Ch]@16 - int i; // [sp+9Ch] [bp-8h]@15 - int v30; // [sp+A0h] [bp-4h]@1 - - v30 = width; - v2 = height; - v27 = height; + int v29; // [sp+9Ch] [bp-8h]@15 + //int v30; // [sp+A0h] [bp-4h]@1 + + //v30 = width; + //v2 = height; + //v27 = height; v23 = 452.0 / (double)width; v25 = 336.0 / (double)height; pPixels = (unsigned __int16 *)malloc(2 * height * width); - memset(pPixels,0,2 * height * width); - /*v3 = pPixels; + memset(pPixels, 0 , 2 * height * width); + v3 = pPixels; if ( pRenderer->pRenderD3D ) { pRenderer->BeginSceneD3D(); - if ( uCurrentlyLoadedLevelType == LEVEL_Indoor ) - { + + if (uCurrentlyLoadedLevelType == LEVEL_Indoor) pIndoor->Draw(); - } - else - { - if ( uCurrentlyLoadedLevelType == LEVEL_Outdoor ) - pOutdoor->Draw(); - } + else if (uCurrentlyLoadedLevelType == LEVEL_Outdoor) + pOutdoor->Draw(); + pRenderer->DrawBillboards_And_MaybeRenderSpecialEffects_And_EndScene(); memset(&Dst, 0, 0x7Cu); - Dst.dwSize = 124; + Dst.dwSize = sizeof(Dst); + if ( pRenderer->LockSurface_DDraw4(pRenderer->pBackBuffer4, &Dst, DDLOCK_WAIT) ) { - v9 = (unsigned __int16 *)Dst.lpSurface; - v10 = 0; - v11 = Dst.lPitch >> 1; - for ( i = 0; i < v27; ++i ) - { - v28 = v10; - if ( v30 > v10 ) - { - v26 = v11 * (unsigned __int64)(signed __int64)((double)i * v25 + 8.0); - do - { - v12 = (signed __int64)((double)v28++ * v23 + 8.0); - *v3 = v9[v26 + (int)v12]; - ++v3; - } - while ( v28 < v30 ); - v10 = 0; - } - } - v13 = v10; + auto src = (unsigned __int16 *)Dst.lpSurface; + auto dst = pPixels; + for (uint y = 0; y < height; ++y) + { + uint src_y = (y * v25 + 8.0f) * (Dst.lPitch / sizeof(short)); + assert(y * v25 + 8.0f < Dst.dwHeight); + assert(y < height); + + for (uint x = 0; x < width; ++x) + { + uint src_x = x * v23 + 8.0; + assert(src_x < Dst.dwWidth); + assert(x < width); + + *dst++ = src[src_y + src_x]; + } + } ErrD3D(pRenderer->pBackBuffer4->Unlock(0)); } else { - v4 = v27; - if ( v27 > 0 ) + __debugbreak(); // unrefactored + v4 = height; + if ( height > 0 ) { do { - if ( v30 > 0 ) - { - v5 = v30 & 1; - v6 = (unsigned int)v30 >> 1; - memset(v3, 0, 4 * ((unsigned int)v30 >> 1)); + if ( width > 0 ) + { + v5 = width & 1; + v6 = (unsigned int)width >> 1; + memset(v3, 0, 4 * ((unsigned int)width >> 1)); v7 = &v3[2 * v6]; for ( j = v5; j; --j ) { *v7 = 0; ++v7; } - v3 += v30; + v3 += width; } --v4; } @@ -6376,45 +6372,45 @@ v26 = pRenderer->uTargetSurfacePitch; if ( pRenderer->pTargetSurface ) { - i = 0; - if ( v2 > 0 ) + v29 = 0; + if ( height > 0 ) { do { v28 = 0; - if ( v30 > 0 ) - { - v15 = v26 * (unsigned __int64)(signed __int64)((double)i * v25 + 8.0); + if ( width > 0 ) + { + v15 = v26 * (unsigned __int64)(signed __int64)((double)v29 * v25 + 8.0); do { v16 = (signed __int64)((double)v28++ * v23 + 8.0); *v3 = _this[v15 + (int)v16]; ++v3; } - while ( v28 < v30 ); - } - ++i; - } - while ( i < v27 ); + while ( v28 < width ); + } + ++v29; + } + while ( v29 < height ); } } else { - if ( v2 > 0 ) - { - v17 = v2; + if ( height > 0 ) + { + v17 = height; do { - if ( v30 > 0 ) - { - memset(v3, 0, 4 * ((unsigned int)v30 >> 1)); - v18 = &v3[2 * ((unsigned int)v30 >> 1)]; - for ( k = v30 & 1; k; --k ) + if ( width > 0 ) + { + memset(v3, 0, 4 * ((unsigned int)width >> 1)); + v18 = &v3[2 * ((unsigned int)width >> 1)]; + for ( k = width & 1; k; --k ) { *v18 = 0; ++v18; } - v3 += v30; + v3 += width; } --v17; } @@ -6422,7 +6418,7 @@ } } pRenderer->EndScene(); - }*/ + } return pPixels; }