From dd2c369df34ebe61a9820eda18bfe535ab47342b Mon Sep 17 00:00:00 2001
From: Alibek Omarov
Date: Sat, 17 Feb 2024 22:14:27 +0300
Subject: [PATCH] engine: imagelib: fix integer overflow on huge images when calculating reflectivity

---
 engine/common/imagelib/img_bmp.c | 2 +-
 engine/common/imagelib/img_tga.c | 2 +-
 engine/common/imagelib/img_wad.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/engine/common/imagelib/img_bmp.c b/engine/common/imagelib/img_bmp.c
index d4edb2e1..921bb1e4 100644
--- a/engine/common/imagelib/img_bmp.c
+++ b/engine/common/imagelib/img_bmp.c
@@ -28,7 +28,7 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi
  rgba_t palette[256] = { 0 };
  int i, columns, column, rows, row, bpp = 1;
  int cbPalBytes = 0, padSize = 0, bps = 0;
- int reflectivity[3] = { 0, 0, 0 };
+ uint reflectivity[3] = { 0, 0, 0 };
  qboolean load_qfont = false;
  bmp_t bhdr;
  fs_offset_t estimatedSize;
diff --git a/engine/common/imagelib/img_tga.c b/engine/common/imagelib/img_tga.c
index 59228bdf..d675147d 100644
--- a/engine/common/imagelib/img_tga.c
+++ b/engine/common/imagelib/img_tga.c
@@ -29,7 +29,7 @@ qboolean Image_LoadTGA( const char *name, const byte *buffer, fs_offset_t filesi
  rgba_t palette[256];
  byte red = 0, green = 0, blue = 0, alpha = 0;
  int readpixelcount, pixelcount;
- int reflectivity[3] = { 0, 0, 0 };
+ uint reflectivity[3] = { 0, 0, 0 };
  qboolean compressed;
  tga_t targa_header;
 
diff --git a/engine/common/imagelib/img_wad.c b/engine/common/imagelib/img_wad.c
index e6d4f779..a66ec426 100644
--- a/engine/common/imagelib/img_wad.c
+++ b/engine/common/imagelib/img_wad.c
@@ -360,7 +360,7 @@ qboolean Image_LoadMIP( const char *name, const byte *buffer, fs_offset_t filesi
  byte *fin, *pal;
  int ofs[4], rendermode;
  int i, pixels, numcolors;
- int reflectivity[3] = { 0, 0, 0 };
+ uint reflectivity[3] = { 0, 0, 0 };
 
  if( filesize < sizeof( mip ))
  return false;
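Review bot: The `uint reflectivity[3]` accumulator in Image_LoadBMP can still wrap on a large enough image, so the new type removes the signed-overflow undefined behaviour but not the wrong result. Assuming 8-bit channel values are summed per pixel, a 32-bit unsigned sum wraps after roughly 16.8 million pixels at full brightness. The same declaration is changed in the Image_LoadTGA and Image_LoadMIP hunks and the same point applies there. A 64-bit accumulator would close the gap, `uint64_t reflectivity[3] = { 0, 0, 0 };`, provided the code that divides the sums accepts that type. All three function bodies continue outside the hunks, so whether an earlier dimension check already bounds the pixel count is not visible here; if it does, a comment on the declaration such as `// cannot wrap: pixel count is capped by the size validation above` would record that.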