src/SDL_internal.h
author Sam Lantinga <slouken@libsdl.org>
Mon, 18 Feb 2019 07:50:33 -0800
changeset 12612 07c39cbbeacf
parent 12503 806492103856
permissions -rw-r--r--
Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c

Petr Pisar

The reproducer has these data in BITMAPINFOHEADER:

biSize = 40
biBitCount = 8
biClrUsed = 131075

SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color pallete is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
icculus@8093
     1
/*
icculus@8093
     2
  Simple DirectMedia Layer
slouken@12503
     3
  Copyright (C) 1997-2019 Sam Lantinga <slouken@libsdl.org>
icculus@8093
     4
icculus@8093
     5
  This software is provided 'as-is', without any express or implied
icculus@8093
     6
  warranty.  In no event will the authors be held liable for any damages
icculus@8093
     7
  arising from the use of this software.
icculus@8093
     8
icculus@8093
     9
  Permission is granted to anyone to use this software for any purpose,
icculus@8093
    10
  including commercial applications, and to alter it and redistribute it
icculus@8093
    11
  freely, subject to the following restrictions:
icculus@8093
    12
icculus@8093
    13
  1. The origin of this software must not be misrepresented; you must not
icculus@8093
    14
     claim that you wrote the original software. If you use this software
icculus@8093
    15
     in a product, an acknowledgment in the product documentation would be
icculus@8093
    16
     appreciated but is not required.
icculus@8093
    17
  2. Altered source versions must be plainly marked as such, and must not be
icculus@8093
    18
     misrepresented as being the original software.
icculus@8093
    19
  3. This notice may not be removed or altered from any source distribution.
icculus@8093
    20
*/
slouken@10638
    21
#ifndef SDL_internal_h_
slouken@10638
    22
#define SDL_internal_h_
icculus@8093
    23
slouken@10607
    24
/* Many of SDL's features require _GNU_SOURCE on various platforms */
slouken@10604
    25
#ifndef _GNU_SOURCE
slouken@10604
    26
#define _GNU_SOURCE
slouken@10604
    27
#endif
slouken@10604
    28
icculus@10680
    29
/* This is for a variable-length array at the end of a struct:
icculus@10680
    30
    struct x { int y; char z[SDL_VARIABLE_LENGTH_ARRAY]; };
icculus@10680
    31
   Use this because GCC 2 needs different magic than other compilers. */
icculus@11726
    32
#if (defined(__GNUC__) && (__GNUC__ <= 2)) || defined(__CC_ARM) || defined(__cplusplus)
icculus@10680
    33
#define SDL_VARIABLE_LENGTH_ARRAY 1
icculus@10680
    34
#else
icculus@10680
    35
#define SDL_VARIABLE_LENGTH_ARRAY
icculus@10680
    36
#endif
icculus@10680
    37
icculus@12349
    38
#define SDL_MAX_SMALL_ALLOC_STACKSIZE 128
icculus@12349
    39
#define SDL_small_alloc(type, count, pisstack) ( (*(pisstack) = ((sizeof(type)*(count)) < SDL_MAX_SMALL_ALLOC_STACKSIZE)), (*(pisstack) ? SDL_stack_alloc(type, count) : (type*)SDL_malloc(sizeof(type)*(count))) )
icculus@12349
    40
#define SDL_small_free(ptr, isstack) if ((isstack)) { SDL_stack_free(ptr); } else { SDL_free(ptr); }
icculus@12349
    41
icculus@8094
    42
#include "dynapi/SDL_dynapi.h"
icculus@8094
    43
icculus@8094
    44
#if SDL_DYNAMIC_API
icculus@8094
    45
#include "dynapi/SDL_dynapi_overrides.h"
icculus@8094
    46
/* force DECLSPEC and SDLCALL off...it's all internal symbols now.
icculus@8094
    47
   These will have actual #defines during SDL_dynapi.c only */
icculus@8094
    48
#define DECLSPEC
icculus@8094
    49
#define SDLCALL
icculus@8094
    50
#endif
icculus@8094
    51
icculus@8093
    52
#include "SDL_config.h"
icculus@8093
    53
slouken@10638
    54
#endif /* SDL_internal_h_ */
icculus@8093
    55
icculus@8093
    56
/* vi: set ts=4 sw=4 expandtab: */