mirror/Shipwright
1
0
Fork 0
mirror of https://github.com/HarbourMasters/Shipwright.git synced 2024-12-21 23:58:51 -05:00
Code Issues Projects Releases Wiki Activity

Wii U: Fix overflow for GX2CopySurfaceEx (#1655)

Browse Source 
The max amount of rects is 25, everything larger silently overwrites the stack
This commit is contained in:
GaryOderNichts 2022-10-01 18:06:00 +02:00 committed by GitHub
parent 15e22349df
commit 97211093f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libultraship/libultraship/Lib/Fast3D/gfx_gx2.cpp
View File

@ -738,15 +738,11 @@ static std::unordered_map<std::pair<float, float>, uint16_t, hash_pair_ff> gfx_g
}
std::unordered_map<std::pair<float, float>, uint16_t, hash_pair_ff> res;
if (!coordinates.size()) {
return res;
}
GX2Rect srcRects[32];
GX2Point dstPoints[32];
GX2Rect srcRects[25];
GX2Point dstPoints[25];
size_t num_coordinates = coordinates.size();
while (num_coordinates > 0) {
size_t numRects = 32;
size_t numRects = 25;
if (num_coordinates < numRects) {
numRects = num_coordinates;
}
@ -755,8 +751,8 @@ static std::unordered_map<std::pair<float, float>, uint16_t, hash_pair_ff> gfx_g
// initialize rects and points
for (size_t i = 0; i < numRects; ++i) {
const auto& c = *std::next(coordinates.begin(), num_coordinates + i);
const int32_t x = (int32_t) std::clamp(c.first, 0.0f, (float) buffer->depth_buffer.surface.width - 1);
const int32_t y = (int32_t) std::clamp(c.second, 0.0f, (float) buffer->depth_buffer.surface.height - 1);
const int32_t x = (int32_t) std::clamp(c.first, 0.0f, (float) (buffer->depth_buffer.surface.width - 1));
const int32_t y = (int32_t) std::clamp(c.second, 0.0f, (float) (buffer->depth_buffer.surface.height - 1));
srcRects[i] = GX2Rect{
x,