From a96ecac8f64e31661ee8d9b6217e6041c6a25cb1 Mon Sep 17 00:00:00 2001
From: Ricardo Quesada
Date: Wed, 18 Jan 2017 16:39:32 -0800
Subject: [PATCH] fixes buffer overflow in color in pasteTiles()
---
 src/commands.cpp | 2 ++
 src/state.cpp | 9 ++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/commands.cpp b/src/commands.cpp
index b223dec..104e747 100644
--- a/src/commands.cpp
+++ b/src/commands.cpp
@@ -101,6 +101,8 @@ PasteCommand::PasteCommand(State* state, int charIndex, const State::CopyRange&
 if (copyRange.type == State::CopyRange::CHARS || copyRange.type == State::CopyRange::TILES) {
 sizeToCopy = State::CHAR_BUFFER_SIZE + State::TILE_COLORS_BUFFER_SIZE;
+ Q_ASSERT(copyRange.bufferSize == sizeToCopy && "Invalid bufferSize");
+ _copyBuffer = (quint8*)malloc(sizeToCopy);
 _origBuffer = (quint8*)malloc(sizeToCopy);
 }
diff --git a/src/state.cpp b/src/state.cpp
index e956d1d..bc8842e 100644
--- a/src/state.cpp
+++ b/src/state.cpp
@@ -694,10 +694,11 @@ void State::_setMapSize(const QSize& mapSize) {
 const int newSizeInBytes = mapSize.width() * mapSize.height();
 quint8* newMap = (quint8*) malloc(newSizeInBytes);
+ Q_ASSERT(newMap && "No memory");
+ for (int i=0; i= (256 / tileSize))
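Review bot: The `Q_ASSERT(copyRange.bufferSize == sizeToCopy && "Invalid bufferSize")` added in the src/commands.cpp hunk is the only size check visible there, and Q_ASSERT expands to nothing when QT_NO_DEBUG is defined, so a release build performs no check at all. If the constructor goes on to copy sizeToCopy bytes out of the copy range's buffer (that copy is outside the hunk, so this is inferred), a mismatched bufferSize would still read or write past the allocation in exactly the builds users run. Keep the assert for debugging, but add a check that survives release builds, for example `if (copyRange.bufferSize != sizeToCopy) qFatal("Invalid bufferSize");`, or have the caller reject the paste before constructing the command. The same debug-only limitation applies to `Q_ASSERT(newMap && "No memory")` in the src/state.cpp hunk. The malloc() results assigned to `_copyBuffer` and `_origBuffer` are not checked within this hunk either.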