| author | Thomas Huth <huth@tuxfamily.org> | 2022-02-12 09:14:11 (GMT) |
|---|---|---|
| committer | Thomas Huth <huth@tuxfamily.org> | 2022-02-12 09:14:11 (GMT) |
| commit | c3875fc8bf3148c376262a71966fd4bbcd54ff22 (patch) | |
| tree | 9844f233f64914a32e8df482887f827c5d6a55df | |
| parent | 0f76e8ffb9f3df1585a20fd646f20a0b4669ad0a (diff) | |
Add sanity checks to avoid accesses beyond the end of the ST-RAM
Otherwise Hatari could crash if the screen was going beyond
the end of the ST-RAM.
| -rw-r--r-- | src/screenConvert.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/src/screenConvert.c b/src/screenConvert.c
index 8219c72..c8c039a 100644
--- a/src/screenConvert.c
+++ b/src/screenConvert.c
@@ -365,6 +365,7 @@ static void ScreenConv_BitplaneTo16bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 int upperBorder, int lowBorder)
 {
 Uint16 *hvram_line = (Uint16 *)hvram;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 int pitch = sdlscrn->pitch >> 1;
 int h;
@@ -380,6 +381,13 @@ static void ScreenConv_BitplaneTo16bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 {
 Uint16 *hvram_column = hvram_line;
+ if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint16(hvram_line, palette.native[0], pitch);
+ hvram_line += pitch;
+ continue;
+ }
+
 nSampleHoldIdx = 0;
 /* Left border first */
@@ -412,6 +420,7 @@ static void ScreenConv_BitplaneTo32bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 int upperBorder, int lowBorder)
 {
 Uint32 *hvram_line = (Uint32 *)hvram;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 int pitch = sdlscrn->pitch >> 2;
 int h;
@@ -427,6 +436,13 @@ static void ScreenConv_BitplaneTo32bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 {
 Uint32 *hvram_column = hvram_line;
+ if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint32(hvram_line, palette.native[0], pitch);
+ hvram_line += pitch;
+ continue;
+ }
+
 nSampleHoldIdx = 0;
 /* Left border first */
@@ -459,6 +475,7 @@ static void ScreenConv_HiColorTo16bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 int upperBorder, int lowBorder)
 {
 Uint16 *hvram_line = (Uint16 *)hvram;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 int pitch = sdlscrn->pitch >> 1;
 int h;
@@ -477,6 +494,14 @@ static void ScreenConv_HiColorTo16bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 Uint16 *fvram_column;
 int w;
 #endif
+
+ if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint16(hvram_line, palette.native[0], pitch);
+ hvram_line += pitch;
+ continue;
+ }
+
 /* Left border first */
 Screen_memset_uint16(hvram_column, palette.native[0], leftBorder);
 hvram_column += leftBorder;
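Review bot: The new guard `if (fvram_line + nextline > pRamEnd)` in the ScreenConv_BitplaneTo16bppNoZoom loop forms the candidate pointer before comparing it, and a pointer more than one element past the end of the STRam array is undefined behaviour in C, so the compiler is not obliged to keep the test meaningful. Comparing the remaining length instead, `if (nextline > pRamEnd - fvram_line)`, avoids creating the out-of-range pointer, provided fvram_line itself still lies inside the array. The guard also measures the stride `nextline` and not the number of words the converter actually reads per line, so it is worth confirming that no path reads more than one stride from fvram_line. The same test is repeated in the other seven converters touched by this commit, and the loop body continues outside the hunk.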
@@ -517,6 +542,7 @@ static void ScreenConv_HiColorTo32bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 int upperBorder, int lowBorder)
 {
 Uint32 *hvram_line = (Uint32 *)hvram;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 int pitch = sdlscrn->pitch >> 2;
 int h, w;
@@ -533,6 +559,13 @@ static void ScreenConv_HiColorTo32bppNoZoom(Uint16 *fvram_line, Uint8 *hvram,
 Uint16 *fvram_column = fvram_line;
 Uint32 *hvram_column = hvram_line;
+ if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint32(hvram_line, palette.native[0], pitch);
+ hvram_line += pitch;
+ continue;
+ }
+
 /* Left border first */
 Screen_memset_uint32(hvram_column, palette.native[0], leftBorder);
 hvram_column += leftBorder;
@@ -683,6 +716,7 @@ static void ScreenConv_BitplaneTo16bppZoomed(Uint16 *fvram, Uint8 *hvram,
 Uint16 *hvram_line = (Uint16 *)hvram;
 Uint16 *hvram_column = p2cline;
 Uint16 *fvram_line;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 unsigned int nBytesPerPixel = sdlscrn->format->BytesPerPixel;
 int pitch = sdlscrn->pitch >> 1;
 int cursrcline = -1;
@@ -708,6 +742,10 @@ static void ScreenConv_BitplaneTo16bppZoomed(Uint16 *fvram, Uint8 *hvram,
 {
 memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
 }
+ else if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint16(hvram_line, palette.native[0], pitch);
+ }
 else
 {
 ScreenConv_BitplaneLineTo16bpp(fvram_line, p2cline,
@@ -755,6 +793,7 @@ static void ScreenConv_BitplaneTo32bppZoomed(Uint16 *fvram, Uint8 *hvram,
 Uint32 *hvram_line = (Uint32 *)hvram;
 Uint32 *hvram_column = p2cline;
 Uint16 *fvram_line;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 unsigned int nBytesPerPixel = sdlscrn->format->BytesPerPixel;
 int pitch = sdlscrn->pitch >> 2;
 int cursrcline = -1;
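Review bot: In ScreenConv_BitplaneTo16bppZoomed the new `else if` branch fills `pitch` elements, while the repeat-line branch directly above it copies only `scrwidth * nBytesPerPixel` bytes. That is safe only if hvram_line always points at the start of a surface row; if hvram is ever offset into the row, the fill on the last row would write past the end of the host surface. Filling the same span the neighbouring branch writes, e.g. `Screen_memset_uint16(hvram_line, palette.native[0], scrwidth);`, would keep the branches consistent. The other three Zoomed converters have the same pattern, and the enclosing loop starts and ends outside the hunk.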
@@ -780,6 +819,10 @@ static void ScreenConv_BitplaneTo32bppZoomed(Uint16 *fvram, Uint8 *hvram,
 {
 memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
 }
+ else if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint32(hvram_line, palette.native[0], pitch);
+ }
 else
 {
 ScreenConv_BitplaneLineTo32bpp(fvram_line, p2cline,
@@ -826,6 +869,7 @@ static void ScreenConv_HiColorTo16bppZoomed(Uint16 *fvram, Uint8 *hvram,
 Uint16 *hvram_line = (Uint16 *)hvram;
 Uint16 *hvram_column = hvram_line;
 Uint16 *fvram_line;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 unsigned int nBytesPerPixel = sdlscrn->format->BytesPerPixel;
 int pitch = sdlscrn->pitch >> 1;
 int cursrcline = -1;
@@ -854,6 +898,10 @@ static void ScreenConv_HiColorTo16bppZoomed(Uint16 *fvram, Uint8 *hvram,
 {
 memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
 }
+ else if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint16(hvram_line, palette.native[0], pitch);
+ }
 else
 {
 hvram_column = hvram_line;
@@ -893,6 +941,7 @@ static void ScreenConv_HiColorTo32bppZoomed(Uint16 *fvram, Uint8 *hvram,
 Uint32 *hvram_line = (Uint32 *)hvram;
 Uint32 *hvram_column = hvram_line;
 Uint16 *fvram_line;
+ Uint16 *pRamEnd = (Uint16 *)&STRam[STRamEnd];
 unsigned int nBytesPerPixel = sdlscrn->format->BytesPerPixel;
 int pitch = sdlscrn->pitch >> 2;
 int cursrcline = -1;
@@ -920,6 +969,10 @@ static void ScreenConv_HiColorTo32bppZoomed(Uint16 *fvram, Uint8 *hvram,
 {
 memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
 }
+ else if (fvram_line + nextline > pRamEnd)
+ {
+ Screen_memset_uint32(hvram_line, palette.native[0], pitch);
+ }
 else
 {
 hvram_column = hvram_line; |
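Review bot: The bounds test and blank fill are now written out eight times across the converters (here in the 32bpp Bitplane and both HiColor Zoomed variants), and none of the sites says why a line is blanked. A one-line comment on each branch, such as `/* Source line would extend beyond the end of ST-RAM: fill it with the border colour */`, would record the intent. A small static helper that takes the line pointer and `nextline` and reports whether the line fits below `&STRam[STRamEnd]` would also keep the eight sites from drifting apart if the comparison is later changed, and `pRamEnd` could then be dropped from the individual functions.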
