ref_soft: Fix some UB

6 years ago · b0ed8a5ba3
6 changed files with 52 additions and 9 deletions
--- a/r_decals.c
+++ b/r_decals.c
@ -1173,6 +1173,8 @@ int R_CreateDecalList( decallist_t *pList )
 	int	total = 0;
 	int	i, depth;
 	return 0; // crash on changelevel. API bug?
 	if( WORLDMODEL )
 	{
 		for( i = 0; i < MAX_RENDER_DECALS; i++ )
--- a/r_image.c
+++ b/r_image.c
@ -531,9 +531,11 @@ static qboolean GL_UploadTexture( image_t *tex, rgbdata_t *pic )
 		texsize = GL_CalcTextureSize( width, height, tex->depth );
 		size = GL_CalcImageSize( pic->type, width, height, tex->depth );
 		//GL_TextureImageRAW( tex, i, j, width, height, tex->depth, pic->type, data );
-		tex->pixels[j] = Mem_Calloc( r_temppool, width * height * sizeof(pixel_t) + 64 );
+		// increase size to workaround triangle renderer bugs
 		// it seems to assume memory readable. maybe it was pointed to WAD?
 		tex->pixels[j] = (byte*)Mem_Calloc( r_temppool, width * height * sizeof(pixel_t) + 256 ) + 128;
 		if( j == 0 &&  tex->flags & TF_HAS_ALPHA )
-			tex->alpha_pixels = Mem_Calloc( r_temppool, width * height * sizeof(pixel_t) + 64 );
+			tex->alpha_pixels = (byte*)Mem_Calloc( r_temppool, width * height * sizeof(pixel_t) + 256 ) + 128;
 		for(i = 0; i < height * width; i++ )
 		{
--- a/r_local.h
+++ b/r_local.h
@ -1218,7 +1218,6 @@ extern cvar_t   *sw_maxedges;
 extern cvar_t   *sw_maxsurfs;
 extern cvar_t   *sw_mipcap;
 extern cvar_t   *sw_mipscale;
 extern cvar_t   *sw_mode;
 extern cvar_t   *sw_reportsurfout;
 extern cvar_t   *sw_reportedgeout;
 extern cvar_t   *sw_stipplealpha;
@ -1360,7 +1359,7 @@ void R_SetUpWorldTransform (void);
 // engine callbacks
 //
 #include "crtlib.h"
-
+#if 1
 #define Mem_Malloc( pool, size ) gEngfuncs._Mem_Alloc( pool, size, false, __FILE__, __LINE__ )
 #define Mem_Calloc( pool, size ) gEngfuncs._Mem_Alloc( pool, size, true, __FILE__, __LINE__ )
 #define Mem_Realloc( pool, ptr, size ) gEngfuncs._Mem_Realloc( pool, ptr, size, true, __FILE__, __LINE__ )
@ -1368,5 +1367,13 @@ void R_SetUpWorldTransform (void);
 #define Mem_AllocPool( name ) gEngfuncs._Mem_AllocPool( name, __FILE__, __LINE__ )
 #define Mem_FreePool( pool ) gEngfuncs._Mem_FreePool( pool, __FILE__, __LINE__ )
 #define Mem_EmptyPool( pool ) gEngfuncs._Mem_EmptyPool( pool, __FILE__, __LINE__ )
-
+#else
 #define Mem_Malloc( pool, size ) malloc(size)
 #define Mem_Calloc( pool, size ) calloc(1,size)
 #define Mem_Realloc( pool, ptr, size ) realloc(ptr, size)
 #define Mem_Free( mem ) free(mem)
 #define Mem_AllocPool( name ) gEngfuncs._Mem_AllocPool( name, __FILE__, __LINE__ )
 #define Mem_FreePool( pool ) gEngfuncs._Mem_FreePool( pool, __FILE__, __LINE__ )
 #define Mem_EmptyPool( pool ) gEngfuncs._Mem_EmptyPool( pool, __FILE__, __LINE__ )
 #endif
 #endif // GL_LOCAL_H
--- a/r_polyse.c
+++ b/r_polyse.c
@ -40,7 +40,7 @@ typedef struct {
 	void			*pdest;
 	short			*pz;
 	int				count;
-	byte			*ptex;
+	pixel_t			*ptex;
 	int				sfrac, tfrac, light, zi;
 } spanpackage_t;
@ -279,6 +279,9 @@ void R_PolysetScanLeftEdge_C(int height)
 		d_pedgespanpackage->light = d_light;
 		d_pedgespanpackage->zi = d_zi;
 		if( d_pedgespanpackage->ptex - (pixel_t*)r_affinetridesc.pskin < 0 )
 			d_pedgespanpackage->ptex = r_affinetridesc.pskin;
 		d_pedgespanpackage++;
 		errorterm += erroradjustup;
@ -291,6 +294,7 @@ void R_PolysetScanLeftEdge_C(int height)
 			d_sfrac += d_sfracextrastep;
 			d_ptex += d_sfrac >> 16;
 			d_sfrac &= 0xFFFF;
 			d_tfrac += d_tfracextrastep;
 			if (d_tfrac & 0x10000)
@ -856,6 +860,13 @@ void R_PolysetDrawSpans8_33( spanpackage_t *pspanpackage)
 			{
 				if ((lzi >> 16) >= *lpz)
 				{
 #if 0
 					if((int)(lptex - (pixel_t*)r_affinetridesc.pskin) > r_affinetridesc.skinwidth * r_affinetridesc.skinheight || (int)(lptex - (pixel_t*)r_affinetridesc.pskin) < 0 )
 					{
 						printf("%d %d %d %d\n",(int)(lptex - (pixel_t*)r_affinetridesc.pskin),  r_affinetridesc.skinwidth * r_affinetridesc.skinheight, lsfrac, a_ststepxwhole );
 						return;
 					}
 #endif
 					pixel_t temp = *lptex;//vid.colormap[*lptex + ( llight & 0xFF00 )];
 					int alpha = tr.blend * 7;
@ -1196,6 +1207,13 @@ void R_PolysetFillSpans8 (spanpackage_t *pspanpackage)
 						*lpdest = ((byte *)vid.colormap)[irtable[*lptex]];
 					else*/
 					//*lpdest = *lptex; //((byte *)vid.colormap)[*lptex + (llight & 0xFF00)];
 #if 0 // check for texture bounds to make asan happy
 					if((int)(lptex - (pixel_t*)r_affinetridesc.pskin) > r_affinetridesc.skinwidth * r_affinetridesc.skinheight || (int)(lptex - (pixel_t*)r_affinetridesc.pskin) < 0 )
 					{
 						printf("%d %d %d %d\n",(int)(lptex - (pixel_t*)r_affinetridesc.pskin),  r_affinetridesc.skinwidth * r_affinetridesc.skinheight, lsfrac, a_ststepxwhole );
 						return;
 					}
 #endif
 					pixel_t src = *lptex;
 					//*lpdest = //vid.colormap[src & 0xff00|(llight>>8)] << 8 | (src & llight & 0xff) | ((src & 0xff) >> 3);
 					// very dirty, maybe need dual colormap?
@ -1301,6 +1319,8 @@ void R_RasterizeAliasPolySmooth (void)
 	// FIXME: need to clamp l, s, t, at both ends?
 		d_pedgespanpackage->light = d_light;
 		d_pedgespanpackage->zi = d_zi;
 		if( d_pedgespanpackage->ptex - (pixel_t*)r_affinetridesc.pskin < 0 )
 			d_pedgespanpackage->ptex = r_affinetridesc.pskin;
 		d_pedgespanpackage++;
 	}
@ -1432,6 +1452,8 @@ void R_RasterizeAliasPolySmooth (void)
 		// FIXME: need to clamp l, s, t, at both ends?
 			d_pedgespanpackage->light = d_light;
 			d_pedgespanpackage->zi = d_zi;
 			if( d_pedgespanpackage->ptex - (pixel_t*)r_affinetridesc.pskin < 0 )
 				d_pedgespanpackage->ptex = r_affinetridesc.pskin;
 			d_pedgespanpackage++;
 		}
--- a/r_surf.c
+++ b/r_surf.c
@ -1026,6 +1026,16 @@ void R_DrawSurfaceDecals()
 				h = r_drawsurf.surfheight - y;
 			}
 			if( s1 < 0 )
 				s1 = 0;
 			if( t1 < 0 )
 				t1 = 0;
 			if( s2 > tex->width )
 				s2 = tex->width;
 			if( t2 > tex->height )
 				t2 = tex->height;
 			if( !tex->pixels[0] || s1 >= s2 || t1 >= t2 )
 				continue;
@ -1057,7 +1067,7 @@ void R_DrawSurfaceDecals()
 				{
 					f = 0;
-					fstep = s2*0x10000/w;
+					fstep = (s2-s1)*0x10000/w;
 					if( w == s2 - s1 )
 						fstep = 0x10000;
--- a/r_triapi.c
+++ b/r_triapi.c
@ -218,8 +218,8 @@ TriTexCoord2f
 void TriTexCoord2f( float u, float v )
 {
 	//pglTexCoord2f( u, v );
-	s = r_affinetridesc.skinwidth * u;
+	s = r_affinetridesc.skinwidth * bound(0,u,1);
-	t = r_affinetridesc.skinheight * v;
+	t = r_affinetridesc.skinheight * bound(0,v,1);
 }
 /*