src/events/SDL_mouse_c.h
author Sam Lantinga <slouken@libsdl.org>
Mon, 18 Feb 2019 07:50:33 -0800
changeset 12612 07c39cbbeacf
parent 12503 806492103856
child 12688 cc45bcb16ef2
permissions -rw-r--r--
Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c

Petr Pisar

The reproducer has these data in BITMAPINFOHEADER:

biSize = 40
biBitCount = 8
biClrUsed = 131075

SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color pallete is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
     1 /*
     2   Simple DirectMedia Layer
     3   Copyright (C) 1997-2019 Sam Lantinga <slouken@libsdl.org>
     4 
     5   This software is provided 'as-is', without any express or implied
     6   warranty.  In no event will the authors be held liable for any damages
     7   arising from the use of this software.
     8 
     9   Permission is granted to anyone to use this software for any purpose,
    10   including commercial applications, and to alter it and redistribute it
    11   freely, subject to the following restrictions:
    12 
    13   1. The origin of this software must not be misrepresented; you must not
    14      claim that you wrote the original software. If you use this software
    15      in a product, an acknowledgment in the product documentation would be
    16      appreciated but is not required.
    17   2. Altered source versions must be plainly marked as such, and must not be
    18      misrepresented as being the original software.
    19   3. This notice may not be removed or altered from any source distribution.
    20 */
    21 #include "../SDL_internal.h"
    22 
    23 #ifndef SDL_mouse_c_h_
    24 #define SDL_mouse_c_h_
    25 
    26 #include "SDL_mouse.h"
    27 
    28 typedef Uint32 SDL_MouseID;
    29 
    30 struct SDL_Cursor
    31 {
    32     struct SDL_Cursor *next;
    33     void *driverdata;
    34 };
    35 
    36 typedef struct
    37 {
    38     int last_x, last_y;
    39     Uint32 last_timestamp;
    40     Uint8 click_count;
    41 } SDL_MouseClickState;
    42 
    43 typedef struct
    44 {
    45     /* Create a cursor from a surface */
    46     SDL_Cursor *(*CreateCursor) (SDL_Surface * surface, int hot_x, int hot_y);
    47 
    48     /* Create a system cursor */
    49     SDL_Cursor *(*CreateSystemCursor) (SDL_SystemCursor id);
    50 
    51     /* Show the specified cursor, or hide if cursor is NULL */
    52     int (*ShowCursor) (SDL_Cursor * cursor);
    53 
    54     /* This is called when a mouse motion event occurs */
    55     void (*MoveCursor) (SDL_Cursor * cursor);
    56 
    57     /* Free a window manager cursor */
    58     void (*FreeCursor) (SDL_Cursor * cursor);
    59 
    60     /* Warp the mouse to (x,y) within a window */
    61     void (*WarpMouse) (SDL_Window * window, int x, int y);
    62 
    63     /* Warp the mouse to (x,y) in screen space */
    64     int (*WarpMouseGlobal) (int x, int y);
    65 
    66     /* Set relative mode */
    67     int (*SetRelativeMouseMode) (SDL_bool enabled);
    68 
    69     /* Set mouse capture */
    70     int (*CaptureMouse) (SDL_Window * window);
    71 
    72     /* Get absolute mouse coordinates. (x) and (y) are never NULL and set to zero before call. */
    73     Uint32 (*GetGlobalMouseState) (int *x, int *y);
    74 
    75     /* Data common to all mice */
    76     SDL_MouseID mouseID;
    77     SDL_Window *focus;
    78     int x;
    79     int y;
    80     int xdelta;
    81     int ydelta;
    82     int last_x, last_y;         /* the last reported x and y coordinates */
    83     float accumulated_wheel_x;
    84     float accumulated_wheel_y;
    85     Uint32 buttonstate;
    86     SDL_bool has_position;
    87     SDL_bool relative_mode;
    88     SDL_bool relative_mode_warp;
    89     float normal_speed_scale;
    90     float relative_speed_scale;
    91     float scale_accum_x;
    92     float scale_accum_y;
    93     Uint32 double_click_time;
    94     int double_click_radius;
    95     SDL_bool touch_mouse_events;
    96 
    97     /* Data for double-click tracking */
    98     int num_clickstates;
    99     SDL_MouseClickState *clickstate;
   100 
   101     SDL_Cursor *cursors;
   102     SDL_Cursor *def_cursor;
   103     SDL_Cursor *cur_cursor;
   104     SDL_bool cursor_shown;
   105 
   106     /* Driver-dependent data. */
   107     void *driverdata;
   108 } SDL_Mouse;
   109 
   110 
   111 /* Initialize the mouse subsystem */
   112 extern int SDL_MouseInit(void);
   113 
   114 /* Get the mouse state structure */
   115 SDL_Mouse *SDL_GetMouse(void);
   116 
   117 /* Set the default mouse cursor */
   118 extern void SDL_SetDefaultCursor(SDL_Cursor * cursor);
   119 
   120 /* Set the mouse focus window */
   121 extern void SDL_SetMouseFocus(SDL_Window * window);
   122 
   123 /* Send a mouse motion event */
   124 extern int SDL_SendMouseMotion(SDL_Window * window, SDL_MouseID mouseID, int relative, int x, int y);
   125 
   126 /* Send a mouse button event */
   127 extern int SDL_SendMouseButton(SDL_Window * window, SDL_MouseID mouseID, Uint8 state, Uint8 button);
   128 
   129 /* Send a mouse button event with a click count */
   130 extern int SDL_SendMouseButtonClicks(SDL_Window * window, SDL_MouseID mouseID, Uint8 state, Uint8 button, int clicks);
   131 
   132 /* Send a mouse wheel event */
   133 extern int SDL_SendMouseWheel(SDL_Window * window, SDL_MouseID mouseID, float x, float y, SDL_MouseWheelDirection direction);
   134 
   135 /* Shutdown the mouse subsystem */
   136 extern void SDL_MouseQuit(void);
   137 
   138 #endif /* SDL_mouse_c_h_ */
   139 
   140 /* vi: set ts=4 sw=4 expandtab: */