From a391dd5fef70e0da4702d355b6331da5bf1f84a2 Mon Sep 17 00:00:00 2001 From: "Ryan C. Gordon" Date: Fri, 24 Nov 2023 19:29:39 -0500 Subject: [PATCH] rect: Avoid numeric overflow on massive lines in SDL_IntersectRectAndLine. Reference Issue #8301. Reference Issue #8113. --- src/video/SDL_rect.c | 2 ++ src/video/SDL_rect_impl.h | 17 +++++++++-------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/video/SDL_rect.c b/src/video/SDL_rect.c index e07a795d0..deef1c56a 100644 --- a/src/video/SDL_rect.c +++ b/src/video/SDL_rect.c @@ -89,6 +89,7 @@ SDL_bool SDL_GetSpanEnclosingRect(int width, int height, #define RECTTYPE SDL_Rect #define POINTTYPE SDL_Point #define SCALARTYPE int +#define BIGSCALARTYPE Sint64 #define COMPUTEOUTCODE ComputeOutCode #define SDL_HASINTERSECTION SDL_HasIntersection #define SDL_INTERSECTRECT SDL_IntersectRect @@ -101,6 +102,7 @@ SDL_bool SDL_GetSpanEnclosingRect(int width, int height, #define RECTTYPE SDL_FRect #define POINTTYPE SDL_FPoint #define SCALARTYPE float +#define BIGSCALARTYPE double #define COMPUTEOUTCODE ComputeOutCodeF #define SDL_HASINTERSECTION SDL_HasIntersectionF #define SDL_INTERSECTRECT SDL_IntersectFRect diff --git a/src/video/SDL_rect_impl.h b/src/video/SDL_rect_impl.h index 923092619..0dbf08f9d 100644 --- a/src/video/SDL_rect_impl.h +++ b/src/video/SDL_rect_impl.h @@ -378,16 +378,16 @@ SDL_bool SDL_INTERSECTRECTANDLINE(const RECTTYPE *rect, SCALARTYPE *X1, SCALARTY if (outcode1) { if (outcode1 & CODE_TOP) { y = recty1; - x = x1 + ((x2 - x1) * (y - y1)) / (y2 - y1); + x = (SCALARTYPE) (x1 + ((BIGSCALARTYPE)(x2 - x1) * (y - y1)) / (y2 - y1)); } else if (outcode1 & CODE_BOTTOM) { y = recty2; - x = x1 + ((x2 - x1) * (y - y1)) / (y2 - y1); + x = (SCALARTYPE) (x1 + ((BIGSCALARTYPE)(x2 - x1) * (y - y1)) / (y2 - y1)); } else if (outcode1 & CODE_LEFT) { x = rectx1; - y = y1 + ((y2 - y1) * (x - x1)) / (x2 - x1); + y = (SCALARTYPE) (y1 + ((BIGSCALARTYPE)(y2 - y1) * (x - x1)) / (x2 - x1)); } else if (outcode1 & CODE_RIGHT) { x = rectx2; - y = y1 + ((y2 - y1) * (x - x1)) / (x2 - x1); + y = (SCALARTYPE) (y1 + ((BIGSCALARTYPE)(y2 - y1) * (x - x1)) / (x2 - x1)); } x1 = x; y1 = y; @@ -396,23 +396,23 @@ SDL_bool SDL_INTERSECTRECTANDLINE(const RECTTYPE *rect, SCALARTYPE *X1, SCALARTY if (outcode2 & CODE_TOP) { SDL_assert(y2 != y1); /* if equal: division by zero. */ y = recty1; - x = x1 + ((x2 - x1) * (y - y1)) / (y2 - y1); + x = (SCALARTYPE) (x1 + ((BIGSCALARTYPE)(x2 - x1) * (y - y1)) / (y2 - y1)); } else if (outcode2 & CODE_BOTTOM) { SDL_assert(y2 != y1); /* if equal: division by zero. */ y = recty2; - x = x1 + ((x2 - x1) * (y - y1)) / (y2 - y1); + x = (SCALARTYPE) (x1 + ((BIGSCALARTYPE)(x2 - x1) * (y - y1)) / (y2 - y1)); } else if (outcode2 & CODE_LEFT) { /* If this assertion ever fires, here's the static analysis that warned about it: http://buildbot.libsdl.org/sdl-static-analysis/sdl-macosx-static-analysis/sdl-macosx-static-analysis-1101/report-b0d01a.html#EndPath */ SDL_assert(x2 != x1); /* if equal: division by zero. */ x = rectx1; - y = y1 + ((y2 - y1) * (x - x1)) / (x2 - x1); + y = (SCALARTYPE) (y1 + ((BIGSCALARTYPE)(y2 - y1) * (x - x1)) / (x2 - x1)); } else if (outcode2 & CODE_RIGHT) { /* If this assertion ever fires, here's the static analysis that warned about it: http://buildbot.libsdl.org/sdl-static-analysis/sdl-macosx-static-analysis/sdl-macosx-static-analysis-1101/report-39b114.html#EndPath */ SDL_assert(x2 != x1); /* if equal: division by zero. */ x = rectx2; - y = y1 + ((y2 - y1) * (x - x1)) / (x2 - x1); + y = (SCALARTYPE) (y1 + ((BIGSCALARTYPE)(y2 - y1) * (x - x1)) / (x2 - x1)); } x2 = x; y2 = y; @@ -429,6 +429,7 @@ SDL_bool SDL_INTERSECTRECTANDLINE(const RECTTYPE *rect, SCALARTYPE *X1, SCALARTY #undef RECTTYPE #undef POINTTYPE #undef SCALARTYPE +#undef BIGSCALARTYPE #undef COMPUTEOUTCODE #undef SDL_HASINTERSECTION #undef SDL_INTERSECTRECT