Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Undefined behavior in fheroes2::Flip() #8285

Closed
2 tasks done
oleg-derevenetz opened this issue Jan 14, 2024 · 0 comments · Fixed by #8286
Closed
2 tasks done

Undefined behavior in fheroes2::Flip() #8285

oleg-derevenetz opened this issue Jan 14, 2024 · 0 comments · Fixed by #8286
Assignees
@Districh-ru
Labels
bug Something doesn't work high priority Very critical change needed immediately
Milestone
1.0.12

Comments

@oleg-derevenetz
Copy link
Collaborator

oleg-derevenetz commented Jan 14, 2024
edited
Loading

Preliminary checks

Platform

macOS

Describe the bug

If output image is single-layer, transformOutY becomes nullptr:

fheroes2/src/engine/image.cpp

Line 2263 in 618cfd9

uint8_t * transformOutY = isOutSingleLayer ? nullptr : out.transform() + offsetOut;

But later transformOutY is subject to arithmetic operations, e.g. here:

fheroes2/src/engine/image.cpp

Line 2295 in 618cfd9

for ( ; imageOutY != imageOutYEnd; imageOutY += widthOut, transformOutY += widthOut, imageInY += widthIn, transformInY += widthIn ) {

which is undefined behavior - you only can add or subtract zero to/from nullptr, and that's all.

The same problem is probably present in other places where single-layer images are processed.

Save file

None needed.

Additional info

Credits: Clang UB Sanitizer.
@oleg-derevenetz oleg-derevenetz added the bug Something doesn't work label Jan 14, 2024
@oleg-derevenetz oleg-derevenetz added this to the 1.0.12 milestone Jan 14, 2024
@ihhub ihhub added the high priority Very critical change needed immediately label Jan 15, 2024
@Districh-ru Districh-ru self-assigned this Jan 15, 2024
@Districh-ru Districh-ru mentioned this issue Jan 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Districh-ru Districh-ru

Labels
bug Something doesn't work high priority Very critical change needed immediately
Projects
None yet
Milestone
1.0.12
Development

Successfully merging a pull request may close this issue.

Do not do operations with pointer to nullptr in image.cpp Districh-ru/fheroes2
3 participants
@ihhub @oleg-derevenetz @Districh-ru