From: Toni Wilen
Date: Sun, 21 May 2023 15:33:27 +0000 (+0300)
Subject: Another sprite buffer overflow fix attempt.
X-Git-Tag: 5.0.0~23
X-Git-Url: https://git.unchartedbackwaters.co.uk/w/?a=commitdiff_plain;h=a34e60989c46d34f502bba7837dafcddfb216900;p=francis%2Fwinuae.git
Another sprite buffer overflow fix attempt.
---
diff --git a/custom.cpp b/custom.cpp
index e657e420..28bb4794 100644
--- a/custom.cpp
+++ b/custom.cpp
@@ -550,7 +550,7 @@ int bogusframe;
 /* Recording of custom chip register changes. */
 static int current_change_set;
-static struct sprite_entry sprite_entries[2][MAX_SPR_PIXELS / 16];
+static struct sprite_entry sprite_entries[2][MAX_SPR_PIXELS / 32];
 static struct color_change color_changes[2][MAX_REG_CHANGE];
 struct decision line_decisions[2 * (MAXVPOS + MAXVPOS_WRAPLINES) + 1];
@@ -561,6 +561,7 @@ static struct color_entry color_tables[2][COLOR_TABLE_SIZE];
 static int next_sprite_entry = 0, last_sprite_entry = 0;
 static int prev_next_sprite_entry;
 static int next_sprite_forced = 1;
+static int spixels_max;
 struct sprite_entry *curr_sprite_entries, *prev_sprite_entries;
 struct color_change *curr_color_changes, *prev_color_changes;
@@ -5564,6 +5565,9 @@ static void record_sprite(int num, int sprxp, uae_u16 *data, uae_u16 *datb, unsi
 if (next_sprite_entry >= last_sprite_entry) {
 return;
 }
+ if (e->first_pixel >= spixels_max) {
+ return;
+ }
 half = 0;
 dbl = sprite_buffer_res - sprres;
@@ -11500,7 +11504,8 @@ void init_hardware_for_drawing_frame(void)
 }
 prev_next_sprite_entry = next_sprite_entry;
 next_sprite_entry = 0;
- last_sprite_entry = MAX_SPR_PIXELS - 1;
+ last_sprite_entry = MAX_SPR_PIXELS - 2;
+ spixels_max = sizeof(spixels) / sizeof(*spixels) - MAX_PIXELS_PER_LINE;
 next_lineno = calculate_lineno(vpos);
 last_color_change = 0;
diff --git a/include/drawing.h b/include/drawing.h
index 30f251b4..dbdd1fcc 100644
--- a/include/drawing.h
+++ b/include/drawing.h
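Review bot: In custom.cpp the array and its bound no longer appear to agree: the first hunk sizes `sprite_entries[2][MAX_SPR_PIXELS / 32]`, while the init_hardware_for_drawing_frame hunk sets `last_sprite_entry = MAX_SPR_PIXELS - 2`, and record_sprite only stops when `next_sprite_entry >= last_sprite_entry`. If next_sprite_entry indexes sprite_entries (the names suggest it, but the indexing itself is outside the hunks), that limit is roughly 32 times the array length and the guard cannot stop a write past the end of the table. Deriving the limit from the array, e.g. `last_sprite_entry = (int)(sizeof(sprite_entries[0]) / sizeof(sprite_entries[0][0])) - 2;`, keeps the two from drifting apart the next time the divisor changes.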
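Review bot: The new guard in record_sprite tests only the start offset, `e->first_pixel >= spixels_max`, so it is sufficient only while a single entry never extends more than MAX_PIXELS_PER_LINE beyond first_pixel, which is the headroom subtracted when spixels_max is computed in init_hardware_for_drawing_frame. That invariant is not stated in the visible lines; a comment above the check such as `/* spixels_max leaves MAX_PIXELS_PER_LINE of headroom: an entry starting below it cannot write past spixels[] */` would make it reviewable. The early return also drops the sprite silently, so a one-time debug log at this point would help confirm whether the overflow path is being reached. The assignment of `e` and the writes into spixels lie outside the hunk.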
@@ -260,7 +260,7 @@ struct color_change {
 #define MAXVPOS_WRAPLINES 10
 /* No divisors for MAX_PIXELS_PER_LINE; we support AGA and SHRES sprites */
-#define MAX_SPR_PIXELS ((((MAXVPOS + MAXVPOS_WRAPLINES) * 2 + 1) * MAX_PIXELS_PER_LINE) / 12)
+#define MAX_SPR_PIXELS ((((MAXVPOS + MAXVPOS_WRAPLINES) * 2 + 1) * MAX_PIXELS_PER_LINE) / 4)
 struct sprite_entry {
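Review bot: The comment kept above MAX_SPR_PIXELS still reads "No divisors for MAX_PIXELS_PER_LINE", yet the macro divides the product by 4 (previously 12), and nothing records why 4 is now the right figure. This constant dimensions sprite_entries in custom.cpp and presumably the sprite pixel buffer the commit is trying to keep from overflowing, so the worst case it is meant to cover should be stated next to it, for example `/* sized for <worst-case sprite pixels per line>; divisor 4 because <reason> */` with the placeholders filled in by the author. Tripling the value also triples every array dimensioned from it, which is worth confirming as intended.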