[openjk] 07/23: [Shared] Fix crash when passing invalid animations to PM_AnimLength. Fixes #943. Ref #939. Thanks to @peter-kien for pointing out the cause of UB

[Simon McVittie]

This is an automated email from the git hooks/post-receive script.

smcv pushed a commit to branch debian/master
in repository openjk.

commit 92059a6bdd9a7a256e0a07d550c5fc4db4ddb8f4
Author: Razish <mrrazish at gmail.com>
Date:   Sun Dec 10 02:42:29 2017 +1100

    [Shared] Fix crash when passing invalid animations to PM_AnimLength. Fixes #943. Ref #939.
    Thanks to @peter-kien for pointing out the cause of UB
---
 code/game/bg_panimate.cpp    |  8 ++++----
 codeJK2/game/bg_panimate.cpp |  6 +++---
 codemp/game/bg_panimate.c    | 20 ++++++++------------
 3 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/code/game/bg_panimate.cpp b/code/game/bg_panimate.cpp
index b681329..a016cc6 100644
--- a/code/game/bg_panimate.cpp
+++ b/code/game/bg_panimate.cpp
@@ -4373,12 +4373,12 @@ PM_AnimLength
 -------------------------
 */
 
-int PM_AnimLength( int index, animNumber_t anim )
-{
-	if ( ValidAnimFileIndex( index ) == false )
+int PM_AnimLength( int index, animNumber_t anim ) {
+	if ( !ValidAnimFileIndex( index ) || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
 		return 0;
+	}
 
-	return level.knownAnimFileSets[index].animations[anim].numFrames * abs(level.knownAnimFileSets[index].animations[anim].frameLerp);
+	return level.knownAnimFileSets[index].animations[anim].numFrames * abs( level.knownAnimFileSets[index].animations[anim].frameLerp );
 }
 
 /*
diff --git a/codeJK2/game/bg_panimate.cpp b/codeJK2/game/bg_panimate.cpp
index 7fd2c7c..91ecc83 100644
--- a/codeJK2/game/bg_panimate.cpp
+++ b/codeJK2/game/bg_panimate.cpp
@@ -2035,10 +2035,10 @@ PM_AnimLength
 -------------------------
 */
 
-int PM_AnimLength( int index, animNumber_t anim )
-{
-	if ( ValidAnimFileIndex( index ) == false )
+int PM_AnimLength( int index, animNumber_t anim ) {
+	if ( !ValidAnimFileIndex( index ) || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
 		return 0;
+	}
 
 	return level.knownAnimFileSets[index].animations[anim].numFrames * fabs((double)(level.knownAnimFileSets[index].animations[anim].frameLerp));
 }
diff --git a/codemp/game/bg_panimate.c b/codemp/game/bg_panimate.c
index 8b7b22f..3f6b9be 100644
--- a/codemp/game/bg_panimate.c
+++ b/codemp/game/bg_panimate.c
@@ -1589,25 +1589,21 @@ and anim number. Obviously does not take things like the length of the
 anim while force speeding (as an example) and whatnot into account.
 =============
 */
-int BG_AnimLength( int index, animNumber_t anim )
-{
-	if (anim >= MAX_ANIMATIONS)
-	{
-		return -1;
+int BG_AnimLength( int index, animNumber_t anim ) {
+	if ( (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
+		return 0;
 	}
 
-	return bgAllAnims[index].anims[anim].numFrames * fabs((float)(bgAllAnims[index].anims[anim].frameLerp));
+	return bgAllAnims[index].anims[anim].numFrames * fabs( (float)(bgAllAnims[index].anims[anim].frameLerp) );
 }
 
 //just use whatever pm->animations is
-int PM_AnimLength( int index, animNumber_t anim )
-{
-	if (anim >= MAX_ANIMATIONS || !pm->animations)
-	{
-		return -1;
+int PM_AnimLength( int index, animNumber_t anim ) {
+	if ( !pm->animations || (int)anim < 0 || anim >= MAX_ANIMATIONS ) {
+		return 0;
 	}
 
-	return pm->animations[anim].numFrames * fabs((float)(pm->animations[anim].frameLerp));
+	return pm->animations[anim].numFrames * fabs( (float)(pm->animations[anim].frameLerp) );
 }
 
 void PM_DebugLegsAnim(int anim)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/openjk.git