shithub: rgbds

Download patch

ref: 7bce97f81731d779623401f9390711c8900db720
parent: 483a63156b64370638574a42916bf61505315d3a
author: Antonio Niño Díaz <[email protected]>
date: Mon Mar 19 17:33:30 EDT 2018

Fix crash in rgbgfx with height not multiple of 8

Images are allowed to have any arbitrary height if the width is 8. If
the height is not a multiple of 8, the number of tiles calculated won't
be an exact number and it will be rounded down. This patch increases the
number of tiles allocated in this case to prevent rgbgfx from accessing
memory that hasn't been allocated.

The buffers are now initialized to 0 with calloc instead of being
created with malloc.

Signed-off-by: Antonio Niño Díaz <[email protected]>

--- a/src/gfx/gb.c
+++ b/src/gfx/gb.c
@@ -101,10 +101,15 @@
 	tile_size = sizeof(uint8_t) * depth * 8;
 	gb_size = gb->size - (gb->trim * tile_size);
 	max_tiles = gb_size / tile_size;
-	tiles = malloc(sizeof(uint8_t *) * max_tiles);
+
+	/* If the input image doesn't fill the last tile, increase the count. */
+	if (gb_size > max_tiles * tile_size)
+		max_tiles++;
+
+	tiles = calloc(max_tiles, sizeof(uint8_t *));
 	num_tiles = 0;
 
-	tilemap->data = malloc(sizeof(uint8_t) * max_tiles);
+	tilemap->data = calloc(max_tiles, sizeof(uint8_t));
 	tilemap->size = 0;
 
 	gb_i = 0;