mirrors/SDL
1
0
Fork 0
mirror of https://github.com/libsdl-org/SDL.git synced 2025-10-15 22:35:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent potential overflow in rectangle functions

Browse Source 
We're limiting the functions to rects with positions and sizes < 1 billion for speed, which is totally fine for most SDL use cases. If you need rectangles larger than that, you can roll your own functions that use 64-bit intermediate values and do proper overflow handling of output values.

Fixes https://github.com/libsdl-org/SDL/issues/8879
This commit is contained in:
Sam Lantinga
2024-07-21 12:39:45 -07:00
parent 22bfbdbc02
commit bd27b89903
3 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/video/SDL_rect_impl.h
View File

@@ -21,6 +21,19 @@
/* This file is #included twice to support int and float versions with the same code. */
static SDL_bool SDL_RECT_CAN_OVERFLOW(const RECTTYPE *rect)
{
if (rect->x <= (SCALARTYPE)(SDL_MIN_SINT32 / 2) ||
rect->x >= (SCALARTYPE)(SDL_MAX_SINT32 / 2) ||
rect->y <= (SCALARTYPE)(SDL_MIN_SINT32 / 2) ||
rect->y >= (SCALARTYPE)(SDL_MAX_SINT32 / 2) ||
rect->w >= (SCALARTYPE)(SDL_MAX_SINT32 / 2) ||
rect->h >= (SCALARTYPE)(SDL_MAX_SINT32 / 2)) {
return SDL_TRUE;
}
return SDL_FALSE;
}
SDL_bool SDL_HASINTERSECTION(const RECTTYPE *A, const RECTTYPE *B)
{
SCALARTYPE Amin, Amax, Bmin, Bmax;
@@ -31,6 +44,10 @@ SDL_bool SDL_HASINTERSECTION(const RECTTYPE *A, const RECTTYPE *B)
} else if (!B) {
SDL_InvalidParamError("B");
return SDL_FALSE;
} else if (SDL_RECT_CAN_OVERFLOW(A) ||
SDL_RECT_CAN_OVERFLOW(B)) {
SDL_SetError("Potential rect math overflow");
return SDL_FALSE;
} else if (SDL_RECTEMPTY(A) || SDL_RECTEMPTY(B)) {
return SDL_FALSE; /* Special cases for empty rects */
}
@@ -76,6 +93,10 @@ SDL_bool SDL_INTERSECTRECT(const RECTTYPE *A, const RECTTYPE *B, RECTTYPE *resul
} else if (!B) {
SDL_InvalidParamError("B");
return SDL_FALSE;
} else if (SDL_RECT_CAN_OVERFLOW(A) ||
SDL_RECT_CAN_OVERFLOW(B)) {
SDL_SetError("Potential rect math overflow");
return SDL_FALSE;
} else if (!result) {
SDL_InvalidParamError("result");
return SDL_FALSE;
@@ -124,6 +145,10 @@ int SDL_UNIONRECT(const RECTTYPE *A, const RECTTYPE *B, RECTTYPE *result)
return SDL_InvalidParamError("A");
} else if (!B) {
return SDL_InvalidParamError("B");
} else if (SDL_RECT_CAN_OVERFLOW(A) ||
SDL_RECT_CAN_OVERFLOW(B)) {
SDL_SetError("Potential rect math overflow");
return SDL_FALSE;
} else if (!result) {
return SDL_InvalidParamError("result");
} else if (SDL_RECTEMPTY(A)) { /* Special cases for empty Rects */
@@ -300,6 +325,9 @@ SDL_bool SDL_INTERSECTRECTANDLINE(const RECTTYPE *rect, SCALARTYPE *X1, SCALARTY
if (!rect) {
SDL_InvalidParamError("rect");
return SDL_FALSE;
} else if (SDL_RECT_CAN_OVERFLOW(rect)) {
SDL_SetError("Potential rect math overflow");
return SDL_FALSE;
} else if (!X1) {
SDL_InvalidParamError("X1");
return SDL_FALSE;
@@ -430,6 +458,7 @@ SDL_bool SDL_INTERSECTRECTANDLINE(const RECTTYPE *rect, SCALARTYPE *X1, SCALARTY
#undef BIGSCALARTYPE
#undef COMPUTEOUTCODE
#undef ENCLOSEPOINTS_EPSILON
#undef SDL_RECT_CAN_OVERFLOW
#undef SDL_HASINTERSECTION
#undef SDL_INTERSECTRECT
#undef SDL_RECTEMPTY