From: Stuart Henderson
Subject: Re: love/{0.10,11} - backport fix for array out-of-bounds access
To: Thomas Frohwein
Cc: op@omarpolo.com, ports@openbsd.org
Date: Tue, 22 Oct 2024 10:28:12 +0100

On 2024/10/21 23:44, Thomas Frohwein wrote:
> Hi,
>
> love-0.10 and 11 ship with Polyline.cpp which has a loop that can
> access the array at a -1 offset as it doesn't check vertex_count. I found
> this in 2 games (Arco, Moonring) and there may be more. Upstream
> accepted my PR [1], so best to fix our port, too!
>
> ok?

As it was committed upstream I'd prefer to reference the commit rather than the PR, so if somebody else updates they don't need to check whether it was committed - I'd normally do that by copying the header (From/Date/Subject lines) from the git patch https://github.com/love2d/love/commit/b2785df4373f0af13b0e3d518badae2f2beae8c5.patch (or just linking to the commit works too)

With that, OK

> [1] https://github.com/love2d/love/pull/2097
> Index: 0.10/Makefile > =================================================================== > RCS file: /cvs/ports/games/love/0.10/Makefile,v > diff -u -p -r1.4 Makefile > --- 0.10/Makefile 28 Aug 2024 15:34:10 -0000 1.4 > +++ 0.10/Makefile 22 Oct 2024 03:42:44 -0000 > @@ -1,6 +1,6 @@ > VERSION = 0.10.2 > USE_LUAJIT = No > -REVISION = 2 > +REVISION = 3 > > SHARED_LIBS= love-${VERSION} 0.0 > > Index: 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp > =================================================================== > RCS file: 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp > diff -N 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ 0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp 22 Oct 2024 03:42:44 -0000 
> @@ -0,0 +1,14 @@ > +backport of https://github.com/love2d/love/pull/2097 > + > +Index: src/modules/graphics/opengl/Polyline.cpp > +--- src/modules/graphics/opengl/Polyline.cpp.orig > ++++ src/modules/graphics/opengl/Polyline.cpp > +@@ -104,7 +104,7 @@ void Polyline::render(const float *coords, size_t coun > + } > + > + // Add the degenerate triangle strip. > +- if (extra_vertices) > ++ if (extra_vertices && vertex_count > 0) > + { > + vertices[vertex_count + 0] = vertices[vertex_count - 1]; > + vertices[vertex_count + 1] = vertices[overdraw_vertex_start]; > Index: 11/Makefile > =================================================================== > RCS file: /cvs/ports/games/love/11/Makefile,v > diff -u -p -r1.7 Makefile > --- 11/Makefile 28 Aug 2024 15:34:10 -0000 1.7 > +++ 11/Makefile 22 Oct 2024 03:42:44 -0000 > @@ -3,7 +3,7 @@ > NOT_FOR_ARCHS = ${BE_ARCHS} > > VERSION = 11.5 > -REVISION = 1 > +REVISION = 2 > > SHARED_LIBS = love-${VERSION} 0.0 > > Index: 11/patches/patch-src_modules_graphics_Polyline_cpp > =================================================================== > RCS file: 11/patches/patch-src_modules_graphics_Polyline_cpp > diff -N 11/patches/patch-src_modules_graphics_Polyline_cpp > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ 11/patches/patch-src_modules_graphics_Polyline_cpp 22 Oct 2024 03:42:44 -0000 > @@ -0,0 +1,14 @@ > +backport of https://github.com/love2d/love/pull/2097 > + > +Index: src/modules/graphics/Polyline.cpp > +--- src/modules/graphics/Polyline.cpp.orig > ++++ src/modules/graphics/Polyline.cpp > +@@ -100,7 +100,7 @@ void Polyline::render(const Vector2 *coords, size_t co > + } > + > + // Add the degenerate triangle strip. > +- if (extra_vertices) > ++ if (extra_vertices && vertex_count > 0) > + { > + vertices[vertex_count + 0] = vertices[vertex_count - 1]; > + vertices[vertex_count + 1] = vertices[overdraw_vertex_start];
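Review bot: in the 0.10 patch file (0.10/patches/patch-src_modules_graphics_opengl_Polyline_cpp) the header line `backport of https://github.com/love2d/love/pull/2097` should cite the merged upstream commit rather than the PR, as the reply asks, e.g. `backport of https://github.com/love2d/love/commit/b2785df4373f0af13b0e3d518badae2f2beae8c5`, so a later updater can see it is already merged without checking the PR. On the guard itself, `if (extra_vertices && vertex_count > 0)` only protects the `vertices[vertex_count - 1]` read; when the branch is now skipped, `vertices[vertex_count + 0]` and `vertices[vertex_count + 1]` are left unwritten, so it is worth confirming that the vertex count handed to the draw call further down in `Polyline::render` does not still include `extra_vertices` in that case.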
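Review bot: the 11 patch file (11/patches/patch-src_modules_graphics_Polyline_cpp) has the same two issues as its 0.10 counterpart: the `backport of https://github.com/love2d/love/pull/2097` header should reference the upstream commit b2785df4373f0af13b0e3d518badae2f2beae8c5 instead of the PR, and the new `vertex_count > 0` condition leaves `vertices[vertex_count + 0]` and `vertices[vertex_count + 1]` unwritten when it fails, so check that the count submitted for drawing in `Polyline::render` excludes `extra_vertices` when `vertex_count` is zero. The REVISION bumps in both Makefiles look correct.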