projects
/
rocksndiamonds.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fixed potential crash bugs when converting between tapes and Supaplex demos
[rocksndiamonds.git]
/
src
/
files.c
diff --git
a/src/files.c
b/src/files.c
index 4fd17038204a1dce81521c71a3f83df4aa0d4735..8b69451a5f747767416c85b8bf249008a1f2e107 100644
(file)
--- a/
src/files.c
+++ b/
src/files.c
@@
-3779,6
+3779,15
@@
static void CopyNativeTape_RND_to_SP(struct LevelInfo *level)
{
int demo_action = map_key_RND_to_SP(tape.pos[i].action[0]);
int demo_repeat = tape.pos[i].delay;
{
int demo_action = map_key_RND_to_SP(tape.pos[i].action[0]);
int demo_repeat = tape.pos[i].delay;
+ int demo_entries = (demo_repeat + 15) / 16;
+
+ if (demo->length + demo_entries >= SP_MAX_TAPE_LEN)
+ {
+ Error(ERR_WARN, "tape truncated: size exceeds maximum SP demo size %d",
+ SP_MAX_TAPE_LEN);
+
+ break;
+ }
for (j = 0; j < demo_repeat / 16; j++)
demo->data[demo->length++] = 0xf0 | demo_action;
for (j = 0; j < demo_repeat / 16; j++)
demo->data[demo->length++] = 0xf0 | demo_action;
@@
-3787,8
+3796,6
@@
static void CopyNativeTape_RND_to_SP(struct LevelInfo *level)
demo->data[demo->length++] = ((demo_repeat % 16 - 1) << 4) | demo_action;
}
demo->data[demo->length++] = ((demo_repeat % 16 - 1) << 4) | demo_action;
}
- demo->data[demo->length++] = 0xff;
-
demo->is_available = TRUE;
}
demo->is_available = TRUE;
}
@@
-3808,12
+3815,16
@@
static void CopyNativeTape_SP_to_RND(struct LevelInfo *level)
return;
tape.level_nr = demo->level_nr; /* (currently not used) */
return;
tape.level_nr = demo->level_nr; /* (currently not used) */
- tape.length =
demo->length - 1; /* without "end of demo" byte */
+ tape.length =
MIN(demo->length, MAX_TAPE_LEN);
tape.random_seed = level_sp->header.DemoRandomSeed;
TapeSetDateFromEpochSeconds(getFileTimestampEpochSeconds(filename));
tape.random_seed = level_sp->header.DemoRandomSeed;
TapeSetDateFromEpochSeconds(getFileTimestampEpochSeconds(filename));
- for (i = 0; i < demo->length - 1; i++)
+ if (tape.length < demo->length)
+ Error(ERR_WARN, "SP demo truncated: size %d exceeds maximum tape size %d",
+ demo->length, MAX_TAPE_LEN);
+
+ for (i = 0; i < tape.length; i++)
{
int demo_action = demo->data[i] & 0x0f;
int demo_repeat = (demo->data[i] & 0xf0) >> 4;
{
int demo_action = demo->data[i] & 0x0f;
int demo_repeat = (demo->data[i] & 0xf0) >> 4;