shithub: rgbds

Download patch

ref: 04788e15af6878c220602d2248b2b8f5182e96a0
parent: dcb8c6966155f556ff186dd21d3fdac610d2baba
author: Rangi <[email protected]>
date: Sat May 1 18:33:54 EDT 2021

Fix a potential out-of-bounds array access in RGBGFX

This was caught by ASAN for pokered's gfx/battle/minimize.png.

--- a/src/gfx/gb.c
+++ b/src/gfx/gb.c
@@ -224,7 +224,11 @@
 		if (!tile)
 			err(1, "%s: Failed to allocate memory for tile",
 			    __func__);
-		for (i = 0; i < tile_size; i++) {
+		/*
+		 * If the input image doesn't fill the last tile,
+		 * `gb_i` will reach `gb_size`.
+		 */
+		for (i = 0; i < tile_size && gb_i < gb_size; i++) {
 			tile[i] = gb->data[gb_i];
 			gb_i++;
 		}