love/{0.10,11} - backport fix for array out-of-bounds access
Hi,
love-0.10 and 11 ship with Polyline.cpp, which has a loop that can
access the array at offset -1 because it doesn't check vertex_count. I found
this in 2 games (Arco, Moonring) and there may be more. Upstream
accepted my PR [1], so best to fix our port, too!
ok?
[1] https://github.com/love2d/love/pull/2097
Index: 0.10/Makefile
===================================================================
RCS file: /cvs/ports/games/love/0.10/Makefile,v
diff -u -p -r1.4 Makefile
--- 0.10/Makefile 28 Aug 2024 15:34:10 -0000 1.4
+++ 0.10/Makefile 22 Oct 2024 03:42:44 -0000
@@ -1,6 +1,6 @@
VERSION = 0.10.2
USE_LUAJIT = No
-REVISION = 2
+REVISION = 3
SHARED_LIBS= love-${VERSION} 0.0
Index: 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp
===================================================================
RCS file: 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp
diff -N 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp 22 Oct 2024 03:42:44 -0000
@@ -0,0 +1,14 @@
+backport of https://github.com/love2d/love/pull/2097
+
+Index: src/modules/graphics/opengl/Polyline.cpp
+--- src/modules/graphics/opengl/Polyline.cpp.orig
++++ src/modules/graphics/opengl/Polyline.cpp
+@@ -104,7 +104,7 @@ void Polyline::render(const float *coords, size_t coun
+ }
+
+ // Add the degenerate triangle strip.
+- if (extra_vertices)
++ if (extra_vertices && vertex_count > 0)
+ {
+ vertices[vertex_count + 0] = vertices[vertex_count - 1];
+ vertices[vertex_count + 1] = vertices[overdraw_vertex_start];
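Review bot: The patch header only links the upstream PR, so anyone auditing the port later has to follow the link to learn that this guards an out-of-bounds read; a self-describing header such as `Do not read vertices[vertex_count - 1] when vertex_count is 0 (out-of-bounds access); backport of https://github.com/love2d/love/pull/2097` would record that in the tree. The added `vertex_count > 0` test covers only the degenerate-strip block shown here. The rest of Polyline::render lies outside the hunk, so it is worth confirming that no later code indexes `vertices` with `overdraw_vertex_start` or `vertex_count - 1` on the same empty-input path. The same applies to the identical hunk in 11/patches/patch-src_modules_graphics_Polyline_cpp.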
Index: 11/Makefile
===================================================================
RCS file: /cvs/ports/games/love/11/Makefile,v
diff -u -p -r1.7 Makefile
--- 11/Makefile 28 Aug 2024 15:34:10 -0000 1.7
+++ 11/Makefile 22 Oct 2024 03:42:44 -0000
@@ -3,7 +3,7 @@
NOT_FOR_ARCHS = ${BE_ARCHS}
VERSION = 11.5
-REVISION = 1
+REVISION = 2
SHARED_LIBS = love-${VERSION} 0.0
Index: 11/patches/patch-src_modules_graphics_Polyline_cpp
===================================================================
RCS file: 11/patches/patch-src_modules_graphics_Polyline_cpp
diff -N 11/patches/patch-src_modules_graphics_Polyline_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ 11/patches/patch-src_modules_graphics_Polyline_cpp 22 Oct 2024 03:42:44 -0000
@@ -0,0 +1,14 @@
+backport of https://github.com/love2d/love/pull/2097
+
+Index: src/modules/graphics/Polyline.cpp
+--- src/modules/graphics/Polyline.cpp.orig
++++ src/modules/graphics/Polyline.cpp
+@@ -100,7 +100,7 @@ void Polyline::render(const Vector2 *coords, size_t co
+ }
+
+ // Add the degenerate triangle strip.
+- if (extra_vertices)
++ if (extra_vertices && vertex_count > 0)
+ {
+ vertices[vertex_count + 0] = vertices[vertex_count - 1];
+ vertices[vertex_count + 1] = vertices[overdraw_vertex_start];