Home Explore Help
Sign In
cpp
/
love2d.love
mirror of https://github.com/love2d/love.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix out of bounds memory access in Buffer:setArrayData with matrices.

Issue #1986
Sasha Szpakowski 1 year ago
parent
d7e0856dc6
commit
9b537ede2b
1 changed files with 20 additions and 9 deletions
Split View Show Diff Stats
  1. 20 9
      src/modules/graphics/wrap_Buffer.cpp

+ 20 - 9
src/modules/graphics/wrap_Buffer.cpp
View File 

@@ -66,6 +66,17 @@ static inline size_t writeUNormData(lua_State *L, int startidx, int components,
 
 	return sizeof(T) * components;
 
 }
 
 
+template <typename T>
 
+static inline size_t writeDataRequired(lua_State *L, int startidx, int components, char *data)
 
+{
 
+	auto componentdata = (T*)data;
 
+
 
+	for (int i = 0; i < components; i++)
 
+		componentdata[i] = (T)(luaL_checknumber(L, startidx + i));
 
+
 
+	return sizeof(T) * components;
 
+}
 
+
 
 void luax_writebufferdata(lua_State *L, int startidx, DataFormat format, char *data)
 
 {
 
 	switch (format)
 
@@ -75,17 +86,17 @@ void luax_writebufferdata(lua_State *L, int startidx, DataFormat format, char *d
 
 		case DATAFORMAT_FLOAT_VEC3: writeData<float>(L, startidx, 3, data); break;
 
 		case DATAFORMAT_FLOAT_VEC4: writeData<float>(L, startidx, 4, data); break;
 
 
-		case DATAFORMAT_FLOAT_MAT2X2: writeData<float>(L, startidx, 4, data); break;
 
-		case DATAFORMAT_FLOAT_MAT2X3: writeData<float>(L, startidx, 6, data); break;
 
-		case DATAFORMAT_FLOAT_MAT2X4: writeData<float>(L, startidx, 8, data); break;
 
+		case DATAFORMAT_FLOAT_MAT2X2: writeDataRequired<float>(L, startidx, 4, data); break;
 
+		case DATAFORMAT_FLOAT_MAT2X3: writeDataRequired<float>(L, startidx, 6, data); break;
 
+		case DATAFORMAT_FLOAT_MAT2X4: writeDataRequired<float>(L, startidx, 8, data); break;
 
 
-		case DATAFORMAT_FLOAT_MAT3X2: writeData<float>(L, startidx, 6, data); break;
 
-		case DATAFORMAT_FLOAT_MAT3X3: writeData<float>(L, startidx, 9, data); break;
 
-		case DATAFORMAT_FLOAT_MAT3X4: writeData<float>(L, startidx, 12, data); break;
 
+		case DATAFORMAT_FLOAT_MAT3X2: writeDataRequired<float>(L, startidx, 6, data); break;
 
+		case DATAFORMAT_FLOAT_MAT3X3: writeDataRequired<float>(L, startidx, 9, data); break;
 
+		case DATAFORMAT_FLOAT_MAT3X4: writeDataRequired<float>(L, startidx, 12, data); break;
 
 
-		case DATAFORMAT_FLOAT_MAT4X2: writeData<float>(L, startidx, 8, data); break;
 
-		case DATAFORMAT_FLOAT_MAT4X3: writeData<float>(L, startidx, 12, data); break;
 
-		case DATAFORMAT_FLOAT_MAT4X4: writeData<float>(L, startidx, 16, data); break;
 
+		case DATAFORMAT_FLOAT_MAT4X2: writeDataRequired<float>(L, startidx, 8, data); break;
 
+		case DATAFORMAT_FLOAT_MAT4X3: writeDataRequired<float>(L, startidx, 12, data); break;
 
+		case DATAFORMAT_FLOAT_MAT4X4: writeDataRequired<float>(L, startidx, 16, data); break;
 
 
 		case DATAFORMAT_INT32:      writeData<int32>(L, startidx, 1, data); break;
 
 		case DATAFORMAT_INT32_VEC2: writeData<int32>(L, startidx, 2, data); break;