From 2dbb06f8b11578f61ccb4f5c9237e7dfdece6ca2 Mon Sep 17 00:00:00 2001 From: Jack Andersen Date: Fri, 2 Sep 2016 19:19:22 -1000 Subject: [PATCH] CTexture bounds validation --- Runtime/Graphics/CTexture.hpp | 4 ++-- Runtime/Graphics/CTextureBoo.cpp | 17 ++++++++++++----- hecl | 2 +- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/Runtime/Graphics/CTexture.hpp b/Runtime/Graphics/CTexture.hpp index 614f15fb2..5c916a249 100644 --- a/Runtime/Graphics/CTexture.hpp +++ b/Runtime/Graphics/CTexture.hpp @@ -35,8 +35,8 @@ class CTexture void BuildRGB5A3FromGCN(CInputStream& in); void BuildRGBA8FromGCN(CInputStream& in); void BuildDXT1FromGCN(CInputStream& in); - void BuildRGBA8(const void* data); - void BuildC8(const void* data); + void BuildRGBA8(const void* data, size_t length); + void BuildC8(const void* data, size_t length); public: CTexture(std::unique_ptr&& in, u32 length); diff --git a/Runtime/Graphics/CTextureBoo.cpp b/Runtime/Graphics/CTextureBoo.cpp index b024ff020..2bbc63966 100644 --- a/Runtime/Graphics/CTextureBoo.cpp +++ b/Runtime/Graphics/CTextureBoo.cpp @@ -648,21 +648,28 @@ void CTexture::BuildDXT1FromGCN(CInputStream& in) }); } -void CTexture::BuildRGBA8(const void* data) +void CTexture::BuildRGBA8(const void* data, size_t length) { size_t texelCount = ComputeMippedTexelCount(); + size_t expectedSize = texelCount * 4; + if (expectedSize > length) + Log.report(logvisor::Fatal, "insufficient TXTR length (%" PRISize "/%" PRISize ")", + length, expectedSize); m_booToken = CGraphics::CommitResources([&](boo::IGraphicsDataFactory::Context& ctx) -> bool { m_booTex = ctx.newStaticTexture(x4_w, x6_h, x8_mips, boo::TextureFormat::RGBA8, - data, texelCount * 4); + data, expectedSize); return true; }); } -void CTexture::BuildC8(const void* data) +void CTexture::BuildC8(const void* data, size_t length) { size_t texelCount = ComputeMippedTexelCount(); + if (texelCount > length) + Log.report(logvisor::Fatal, "insufficient TXTR length (%" PRISize "/%" PRISize ")", + length, texelCount); m_booToken = CGraphics::CommitResources([&](boo::IGraphicsDataFactory::Context& ctx) -> bool { @@ -722,10 +729,10 @@ CTexture::CTexture(std::unique_ptr&& in, u32 length) BuildDXT1FromGCN(r); break; case ETexelFormat::RGBA8PC: - BuildRGBA8(owned.get() + 12); + BuildRGBA8(owned.get() + 12, length - 12); break; case ETexelFormat::C8PC: - BuildC8(owned.get() + 12); + BuildC8(owned.get() + 12, length - 12); break; default: Log.report(logvisor::Fatal, "invalid texture type %d for boo", int(x0_fmt)); diff --git a/hecl b/hecl index 172d1de27..42679f2a3 160000 --- a/hecl +++ b/hecl @@ -1 +1 @@ -Subproject commit 172d1de275d05f1fc8d69dac0c193d7c8bcc78cd +Subproject commit 42679f2a3ae651a7c070688969a8a8430791256e