Fix some overflows and uninitialized variables #33583
14c27bb to 82a2ae8
@@ -525,6 +525,8 @@ Error ProjectSettings::_load_settings_binary(const String &p_path) { | |||
set(key, value); | |||
} | |||
|
|||
f->close(); |
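Review bot: the added `f->close()` is only worth keeping if `memdelete(f)` does not already close the file; if it does, as the comment below suggests and as the other `memdelete(f)` sites in this same method assume, the call is redundant and the hunk makes this one exit path inconsistent with the rest. Either close the handle on every exit path of `_load_settings_binary` or on none, and state in the PR description which behaviour `memdelete` of a `FileAccess` actually has, since that is what decides it.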
Do we really need to close
before memdelete
? Because if so there are tons of locations where this is not done currently and we just memdelete(f)
(including in this very method).
drivers/png/image_loader_png.cpp
Outdated
@@ -64,7 +65,7 @@ Ref<Image> ImageLoaderPNG::load_mem_png(const uint8_t *p_png, int p_size) { | |||
Ref<Image> img; | |||
img.instance(); | |||
|
|||
Error err = PNGDriverCommon::png_to_image(p_png, p_size, img); | |||
Error err = PNGDriverCommon::png_to_image(p_png, p_size == -1 ? (sizeof(size_t) == 4 ? INT32_MAX : INT64_MAX) : p_size, img); |
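Review bot: substituting `INT32_MAX`/`INT64_MAX` for a `-1` size passes a length that does not describe the buffer `p_png` actually points to, so any downstream bounds check against that length is defeated and an over-read on malformed input becomes possible; this silences the sanitizer rather than fixing the cause. The ternary also mixes `INT32_MAX` (an `int`) with `INT64_MAX` (a 64-bit value), so the whole expression is 64-bit and will be narrowed again at the call if `png_to_image` takes an `int`. Prefer rejecting the invalid input up front, e.g. `ERR_FAIL_COND_V_MSG(p_size < 0, Ref<Image>(), "Cannot convert PNG to Image resource with a negative size.");`, and fix whichever caller of `_png_mem_loader_func` supplies `-1`.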
Again, overflowing the integer size is NOT a feature we use (at least not in such obvious case), we shouldn't make code that does it explicitly to silence a warning pointing us to an actual bug.
p_size
should be unsigned, and lossless_unpack_png
should be fixed so that it can't pass a negative size (which should already be the case BTW since it errors if len < 4
and it passes len - 4
, so I'm not sure what we're fixing here).
Edit: load_mem_png
is passed around as _png_mem_loader_func
, it must be one of those downstream users that pass invalid sizes and they should all be reviewed and fixed.
Just do something like:
ERR_FAIL_COND_V_MSG(p_size < 0, Ref<Image>, "Cannot convert PNG to Image resource with a negative size.");
This needs a dedicated bug report, but this manual overflow is definitely not OK.
Image(const uint8_t *p_mem_png_jpg, int p_len = -1);
is bogus and should be removed, or changed so that a default length of -1
means that the size is inferred from the byte array. Currently that's not done, so I don't even understand how make_icon
works at all.
9a52b0f to 63cab78
63cab78 to 60314dd
@@ -174,6 +174,9 @@ inline void __swap_tmpl(T &x, T &y) { | |||
|
|||
static _FORCE_INLINE_ unsigned int next_power_of_2(unsigned int x) { | |||
|
|||
if (x == 0) | |||
return 0; |
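Review bot: the zero guard changes `next_power_of_2(0)` from whatever the existing body computed (likely a shift underflow on `x - 1`, which is what the sanitizer would flag) to an explicit `0`, but nothing in the hunk says why `0` is the right answer rather than `1`; add a one-line comment above the `if` stating the intended contract for a zero argument so callers that rely on the result being a real power of two are not surprised. Braces on the `if` would also match the style being introduced in #33027.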
Braces will be enforced in the near future, see #33027
Yeah but this will be done by a script. No need to refactor existing code to match it yet (it's not bad to do it either, but it's not necessary).
@@ -63,6 +63,8 @@ void Tween::_add_pending_command(StringName p_key, const Variant &p_arg1, const | |||
count = 2; | |||
else if (p_arg1.get_type() != Variant::NIL) | |||
count = 1; | |||
else | |||
count = 0; |
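Review bot: the trailing `else count = 0;` only covers the uninitialized-variable warning if this `if`/`else if` chain is the sole path that assigns `count`; if `count` is declared without an initializer earlier in `_add_pending_command`, initializing it at the declaration (`int count = 0;`) removes the warning without the extra branch and protects any future path that is added to the chain.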
Same as above.
@@ -820,7 +820,7 @@ void RasterizerCanvasGLES3::_canvas_item_render_commands(Item *p_item, Item *cur | |||
|
|||
RasterizerStorageGLES3::Texture *texture = _bind_canvas_texture(mesh->texture, mesh->normal_map); | |||
|
|||
if (texture) { | |||
if (texture && texture->width != 0 && texture->height != 0) { |
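Review bot: the `width != 0 && height != 0` test is evaluated on every command in `_canvas_item_render_commands`, while the condition it guards (a zero-sized texture reaching a division) is a property of the texture, not of the draw call; as the comment below notes, the same pattern recurs elsewhere in this file, so fixing it per call site will miss some and cost a branch at each. Enforcing non-zero dimensions when the texture is created or resized, or factoring the check into one helper used by every occurrence, would fix the root cause once.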
There are lots of other occurrences of the same code in this file which also need to be handled.
I don't know if this would negatively impact performance, maybe we'd better ensure that textures can't have null widths/heights? CC @clayjohn
This one is the last change I'm not 100% sure about, so I'd suggest to move it to a separate PR to be discussed further. Then this PR can be merged.
3dd095f to 039f7ee
039f7ee to 99d8626
Thanks!
Fixes #33240
Also fixes warnings shown by the undefined behavior sanitizer, such as division by zero, uninitialized variables and lossy value conversions,
and this leak