Another sprite buffer overflow fix attempt.

author Toni Wilen <twilen@winuae.net>

Sun, 21 May 2023 15:33:27 +0000 (18:33 +0300)

committer Toni Wilen <twilen@winuae.net>

Sun, 21 May 2023 15:33:27 +0000 (18:33 +0300)
author Toni Wilen <twilen@winuae.net>
Sun, 21 May 2023 15:33:27 +0000 (18:33 +0300)
committer Toni Wilen <twilen@winuae.net>
Sun, 21 May 2023 15:33:27 +0000 (18:33 +0300)
diff --git a/custom.cpp b/custom.cpp

index e657e420c33e573d916687f8ca315cafcf9940c8..28bb47940efad316a01b352e4be10f9c250c8dca 100644 (file)
--- a/custom.cpp
+++ b/custom.cpp
@@ -550,7 +550,7 @@ int bogusframe;
  
  /* Recording of custom chip register changes.  */
  static int current_change_set;
-static struct sprite_entry sprite_entries[2][MAX_SPR_PIXELS / 16];
+static struct sprite_entry sprite_entries[2][MAX_SPR_PIXELS / 32];
  static struct color_change color_changes[2][MAX_REG_CHANGE];
  
  struct decision line_decisions[2 * (MAXVPOS + MAXVPOS_WRAPLINES) + 1];
@@ -561,6 +561,7 @@ static struct color_entry color_tables[2][COLOR_TABLE_SIZE];
  static int next_sprite_entry = 0, last_sprite_entry = 0;
  static int prev_next_sprite_entry;
  static int next_sprite_forced = 1;
+static int spixels_max;
  
  struct sprite_entry *curr_sprite_entries, *prev_sprite_entries;
  struct color_change *curr_color_changes, *prev_color_changes;
@@ -5564,6 +5565,9 @@ static void record_sprite(int num, int sprxp, uae_u16 *data, uae_u16 *datb, unsi
         if (next_sprite_entry >= last_sprite_entry) {
                 return;
         }
+       if (e->first_pixel >= spixels_max) {
+               return;
+       }
  
         half = 0;
         dbl = sprite_buffer_res - sprres;
@@ -11500,7 +11504,8 @@ void init_hardware_for_drawing_frame(void)
         }
         prev_next_sprite_entry = next_sprite_entry;
         next_sprite_entry = 0;
-       last_sprite_entry = MAX_SPR_PIXELS - 1;
+       last_sprite_entry = MAX_SPR_PIXELS - 2;
+       spixels_max = sizeof(spixels) / sizeof(*spixels) - MAX_PIXELS_PER_LINE;
  
         next_lineno = calculate_lineno(vpos);
         last_color_change = 0;
diff --git a/include/drawing.h b/include/drawing.h

index 30f251b412db39eb18a6e8a691626dea2fbbf335..dbdd1fcc0a18884be02716559dfba0c897a2c1a8 100644 (file)
--- a/include/drawing.h
+++ b/include/drawing.h
@@ -260,7 +260,7 @@ struct color_change {
  #define MAXVPOS_WRAPLINES 10
  
  /* No divisors for MAX_PIXELS_PER_LINE; we support AGA and SHRES sprites */
-#define MAX_SPR_PIXELS ((((MAXVPOS + MAXVPOS_WRAPLINES) * 2 + 1) * MAX_PIXELS_PER_LINE) / 12)
+#define MAX_SPR_PIXELS ((((MAXVPOS + MAXVPOS_WRAPLINES) * 2 + 1) * MAX_PIXELS_PER_LINE) / 4)
  
  struct sprite_entry
  {
author	Toni Wilen <twilen@winuae.net>
	Sun, 21 May 2023 15:33:27 +0000 (18:33 +0300)
committer	Toni Wilen <twilen@winuae.net>
	Sun, 21 May 2023 15:33:27 +0000 (18:33 +0300)
custom.cpp		patch \| blob \| history
include/drawing.h		patch \| blob \| history