src/sensor/dummy/SDL_dummysensor.c
author Sam Lantinga <slouken@libsdl.org>
Mon, 18 Feb 2019 07:50:33 -0800
changeset 12612 07c39cbbeacf
parent 12503 806492103856
permissions -rw-r--r--
Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c

Petr Pisar

The reproducer has these data in BITMAPINFOHEADER:

biSize = 40
biBitCount = 8
biClrUsed = 131075

SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color pallete is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
     1 /*
     2   Simple DirectMedia Layer
     3   Copyright (C) 1997-2019 Sam Lantinga <slouken@libsdl.org>
     4 
     5   This software is provided 'as-is', without any express or implied
     6   warranty.  In no event will the authors be held liable for any damages
     7   arising from the use of this software.
     8 
     9   Permission is granted to anyone to use this software for any purpose,
    10   including commercial applications, and to alter it and redistribute it
    11   freely, subject to the following restrictions:
    12 
    13   1. The origin of this software must not be misrepresented; you must not
    14      claim that you wrote the original software. If you use this software
    15      in a product, an acknowledgment in the product documentation would be
    16      appreciated but is not required.
    17   2. Altered source versions must be plainly marked as such, and must not be
    18      misrepresented as being the original software.
    19   3. This notice may not be removed or altered from any source distribution.
    20 */
    21 
    22 #include "SDL_config.h"
    23 
    24 #if defined(SDL_SENSOR_DUMMY) || defined(SDL_SENSOR_DISABLED)
    25 
    26 #include "SDL_error.h"
    27 #include "SDL_sensor.h"
    28 #include "SDL_dummysensor.h"
    29 #include "../SDL_syssensor.h"
    30 
    31 static int
    32 SDL_DUMMY_SensorInit(void)
    33 {
    34     return 0;
    35 }
    36 
    37 static int
    38 SDL_DUMMY_SensorGetCount(void)
    39 {
    40     return 0;
    41 }
    42 
    43 static void
    44 SDL_DUMMY_SensorDetect(void)
    45 {
    46 }
    47 
    48 static const char *
    49 SDL_DUMMY_SensorGetDeviceName(int device_index)
    50 {
    51     return NULL;
    52 }
    53 
    54 static SDL_SensorType
    55 SDL_DUMMY_SensorGetDeviceType(int device_index)
    56 {
    57     return SDL_SENSOR_INVALID;
    58 }
    59 
    60 static int
    61 SDL_DUMMY_SensorGetDeviceNonPortableType(int device_index)
    62 {
    63     return -1;
    64 }
    65 
    66 static SDL_SensorID
    67 SDL_DUMMY_SensorGetDeviceInstanceID(int device_index)
    68 {
    69     return -1;
    70 }
    71 
    72 static int
    73 SDL_DUMMY_SensorOpen(SDL_Sensor *sensor, int device_index)
    74 {
    75     return SDL_Unsupported();
    76 }
    77     
    78 static void
    79 SDL_DUMMY_SensorUpdate(SDL_Sensor *sensor)
    80 {
    81 }
    82 
    83 static void
    84 SDL_DUMMY_SensorClose(SDL_Sensor *sensor)
    85 {
    86 }
    87 
    88 static void
    89 SDL_DUMMY_SensorQuit(void)
    90 {
    91 }
    92 
    93 SDL_SensorDriver SDL_DUMMY_SensorDriver =
    94 {
    95     SDL_DUMMY_SensorInit,
    96     SDL_DUMMY_SensorGetCount,
    97     SDL_DUMMY_SensorDetect,
    98     SDL_DUMMY_SensorGetDeviceName,
    99     SDL_DUMMY_SensorGetDeviceType,
   100     SDL_DUMMY_SensorGetDeviceNonPortableType,
   101     SDL_DUMMY_SensorGetDeviceInstanceID,
   102     SDL_DUMMY_SensorOpen,
   103     SDL_DUMMY_SensorUpdate,
   104     SDL_DUMMY_SensorClose,
   105     SDL_DUMMY_SensorQuit,
   106 };
   107 
   108 #endif /* SDL_SENSOR_DUMMY || SDL_SENSOR_DISABLED */
   109 
   110 /* vi: set ts=4 sw=4 expandtab: */