This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch debian/master
in repository openjk.
commit 92059a6bdd9a7a256e0a07d550c5fc4db4ddb8f4
Author: Razish <mrraz...@gmail.com>
Date: Sun Dec 10 02:42:29 2017 +1100
[Shared] Fix crash when passing invalid animations to PM_AnimLength. Fixes
#943. Ref #939.
Thanks to @peter-kien for pointing out the cause of UB
---
code/game/bg_panimate.cpp | 8 ++++----
codeJK2/game/bg_panimate.cpp | 6 +++---
codemp/game/bg_panimate.c | 20 ++++++++------------
3 files changed, 15 insertions(+), 19 deletions(-)
diff --git a/code/game/bg_panimate.cpp b/code/game/bg_panimate.cpp
index b681329..a016cc6 100644
--- a/code/game/bg_panimate.cpp
+++ b/code/game/bg_panimate.cpp
@@ -4373,12 +4373,12 @@ PM_AnimLength
-------------------------
*/
-int PM_AnimLength( int index, animNumber_t anim )
-{
- if ( ValidAnimFileIndex( index ) == false )
+int PM_AnimLength( int index, animNumber_t anim ) {
+ if ( !ValidAnimFileIndex( index ) || (int)anim < 0 || anim >=
MAX_ANIMATIONS ) {
return 0;
+ }
- return level.knownAnimFileSets[index].animations[anim].numFrames *
abs(level.knownAnimFileSets[index].animations[anim].frameLerp);
+ return level.knownAnimFileSets[index].animations[anim].numFrames * abs(
level.knownAnimFileSets[index].animations[anim].frameLerp );
}
/*
diff --git a/codeJK2/game/bg_panimate.cpp b/codeJK2/game/bg_panimate.cpp
index 7fd2c7c..91ecc83 100644
--- a/codeJK2/game/bg_panimate.cpp
+++ b/codeJK2/game/bg_panimate.cpp
@@ -2035,10 +2035,10 @@ PM_AnimLength
-------------------------
*/
-int PM_AnimLength( int index, animNumber_t anim )
-{
- if ( ValidAnimFileIndex( index ) == false )
+int PM_AnimLength( int index, animNumber_t anim ) {
+ if ( !ValidAnimFileIndex( index ) || (int)anim < 0 || anim >=
MAX_ANIMATIONS ) {
return 0;
+ }
return level.knownAnimFileSets[index].animations[anim].numFrames *
fabs((double)(level.knownAnimFileSets[index].animations[anim].frameLerp));
}
diff --git a/codemp/game/bg_panimate.c b/codemp/game/bg_panimate.c
index 8b7b22f..3f6b9be 100644
--- a/codemp/game/bg_panimate.c
+++ b/codemp/game/bg_panimate.c
@@ -1589,25 +1589,21 @@ and anim number. Obviously does not take things like
the length of the
anim while force speeding (as an example) and whatnot into account.
=============
*/
-int BG_AnimLength( int index, animNumber_t anim )
-{
- if (anim >= MAX_ANIMATIONS)
- {
- return -1;
+int BG_AnimLength( int index, animNumber_t anim ) {
+ if ( (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
+ return 0;
}
- return bgAllAnims[index].anims[anim].numFrames *
fabs((float)(bgAllAnims[index].anims[anim].frameLerp));
+ return bgAllAnims[index].anims[anim].numFrames * fabs(
(float)(bgAllAnims[index].anims[anim].frameLerp) );
}
//just use whatever pm->animations is
-int PM_AnimLength( int index, animNumber_t anim )
-{
- if (anim >= MAX_ANIMATIONS || !pm->animations)
- {
- return -1;
+int PM_AnimLength( int index, animNumber_t anim ) {
+ if ( !pm->animations || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
+ return 0;
}
- return pm->animations[anim].numFrames *
fabs((float)(pm->animations[anim].frameLerp));
+ return pm->animations[anim].numFrames * fabs(
(float)(pm->animations[anim].frameLerp) );
}
void PM_DebugLegsAnim(int anim)
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-games/openjk.git
_______________________________________________
Pkg-games-commits mailing list
Pkg-games-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-games-commits
