(svn r2619) Fix: [viewport] Fix potential buffer overflow reported by Tron

author: ludde <ludde@openttd.org> 2005-07-17 18:36:47 +0000
committer: ludde <ludde@openttd.org> 2005-07-17 18:36:47 +0000
commit: abc9376308722131db34896d5f98740f664632e6 (patch)
tree: f4cb4e53bd440b35708dd6dbcc61089345ded3ea
parent: 39c9b8a665eba9bcbc0878b899145a8e74a96bbd (diff)
download: openttd-abc9376308722131db34896d5f98740f664632e6.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/viewport.c b/viewport.c
index 3cb0bda0e..7e1f23173 100644
--- a/viewport.c
+++ b/viewport.c
@@ -61,6 +61,10 @@ typedef struct ParentSpriteToDraw {
 	byte tile_z_bottom;
 } ParentSpriteToDraw;
 
+// Quick hack to know how much memory to reserve when allocating from the spritelist
+// to prevent a buffer overflow.
+#define LARGEST_SPRITELIST_STRUCT ParentSpriteToDraw
+
 typedef struct ViewportDrawer {
 	DrawPixelInfo dpi;
 
@@ -1236,7 +1240,7 @@ void ViewportDoDraw(const ViewPort *vp, int left, int top, int right, int bottom
 	vd.parent_list = parent_list;
 	vd.eof_parent_list = &parent_list[lengthof(parent_list)];
 	vd.spritelist_mem = mem;
-	vd.eof_spritelist_mem = &mem[sizeof(mem) - 0x40];
+	vd.eof_spritelist_mem = &mem[sizeof(mem) - sizeof(LARGEST_SPRITELIST_STRUCT)];
 	vd.last_string = &vd.first_string;
 	vd.first_string = NULL;
 	vd.last_tile = &vd.first_tile;
author	ludde <ludde@openttd.org>	2005-07-17 18:36:47 +0000
committer	ludde <ludde@openttd.org>	2005-07-17 18:36:47 +0000
commit	abc9376308722131db34896d5f98740f664632e6 (patch)
tree	f4cb4e53bd440b35708dd6dbcc61089345ded3ea
parent	39c9b8a665eba9bcbc0878b899145a8e74a96bbd (diff)
download	openttd-abc9376308722131db34896d5f98740f664632e6.tar.xz