From: Toni Wilen
Date: Sun, 30 Oct 2022 14:09:18 +0000 (+0200)
Subject: Fix uaegfx overlay bounds check
X-Git-Tag: 41000~96
X-Git-Url: https://git.unchartedbackwaters.co.uk/w/?a=commitdiff_plain;h=b340bdb06423af101b5414780a24ae5bd15290b0;p=francis%2Fwinuae.git
Fix uaegfx overlay bounds check
---
diff --git a/od-win32/picasso96_win.cpp b/od-win32/picasso96_win.cpp
index 8947706b..17fcb4e3 100644
--- a/od-win32/picasso96_win.cpp
+++ b/od-win32/picasso96_win.cpp
@@ -81,7 +81,7 @@ int debug_rtg_blitter = 3;
 #define NOBLITTER (0 || !(debug_rtg_blitter & 1))
 #define NOBLITTER_BLIT (0 || !(debug_rtg_blitter & 2))
-#define NOBLITTER_ALL 0
+#define NOBLITTER_ALL 1
 static int hwsprite = 0;
 static int picasso96_BT = BT_uaegfx;
@@ -5376,22 +5376,28 @@ static void picasso_flushoverlay(int index, uae_u8 *src, int scr_offset, uae_u8
 return;
 uae_u8 *vram_end = src + gfxmem_banks[0]->allocated_size;
+ uae_u8 *dst_end = dst + vidinfo->height * vidinfo->rowbytes;
 uae_u8 *s = src + overlay_vram_offset;
 uae_u8 *ss = src + scr_offset;
 int mx = overlay_src_width_in * 256 / overlay_w;
 int my = overlay_src_height_in * 256 / overlay_h;
 int y = 0;
+
 int split = 0;
 if (vidinfo->splitypos >= 0) { split = vidinfo->splitypos; }
+
 for (int dy = 0; dy < overlay_h; dy++) {
- if (s + (y >> 8) * overlay_src_width_in * overlay_pix > vram_end)
+ if (s + (y >> 8) * overlay_src_width_in * overlay_pix > vram_end) {
 break;
- if (ss + (overlay_y + dy + split) * state->BytesPerRow > vram_end)
+ }
+ if (ss + (overlay_y + dy + split) * state->BytesPerRow > vram_end) {
 break;
- if (dst + (overlay_y + dy + split) * vidinfo->rowbytes > vram_end)
+ }
+ if (dst + (overlay_y + dy + split) * vidinfo->rowbytes > dst_end) {
 break;
+ }
 copyrow_scale(monid, s, ss, dst, 0, (y >> 8), mx, overlay_src_width_in, overlay_src_width * overlay_pix, overlay_pix, state->BytesPerRow, state->BytesPerPixel, 
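Review bot: `NOBLITTER_ALL` goes from 0 to 1 in a commit whose subject covers only the overlay bounds check, and nothing in the commit record explains it. Judging by the name and the neighbouring `NOBLITTER` / `NOBLITTER_BLIT` debug macros, this looks like a debugging switch left enabled, although the macro's uses are outside the hunk and its effect should be confirmed there. If it is unintended, restore `#define NOBLITTER_ALL 0`; if it is deliberate, add a comment on the define saying what setting it to 1 bypasses and why, and mention it in the commit message.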
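Review bot: The three guards in the `for` loop compare only the start of each row with the end pointer, so with `>` a row that starts at or just before `dst_end` (or `vram_end`) still passes and the copy can run up to one row past the buffer. For the destination the check would be tighter as `if (dst + (overlay_y + dy + split + 1) * vidinfo->rowbytes > dst_end) {`, and the `s` and `ss` checks need the same row-length allowance. No lower bound on `overlay_y + dy + split` is visible either, so a negative `overlay_y` would pass all three checks unless it is validated before the hunk. The function body and the `copyrow_scale` call both extend beyond the hunk, so the exact bytes touched per row should be confirmed against the full call.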
@@ -6662,7 +6668,7 @@ static uaecptr uaegfx_card_install (TrapContext *ctx, uae_u32 extrasize)
 if (uaegfx_old || !(gfxmem_bank.flags & ABFLAG_MAPPED)) return 0;
- uaegfx_resid = ds (_T("UAE Graphics Card 3.4"));
+ uaegfx_resid = ds (_T("UAE Graphics Card 4.0"));
 uaegfx_vblankname = ds (_T("UAE Graphics Card VBLANK"));
 uaegfx_portsname = ds (_T("UAE Graphics Card PORTS"));