From: Omar Polo <op@omarpolo.com>
Subject: Re: love/{0.10,11} - backport fix for array out-of-bounds access
To: Thomas Frohwein <tfrohwein@fastmail.com>, ports@openbsd.org
Date: Tue, 22 Oct 2024 11:30:05 +0200

On 22/10/24 11:28, Stuart Henderson wrote:
> On 2024/10/21 23:44, Thomas Frohwein wrote:
>> Hi,
>>
>> love-0.10 and 11 ship with Polyline.cpp which has a loop that can
>> access array at -1 offset as it doesn't check for vertex_count. I found
>> this in 2 games (Arco, Moonring) and there may be more. Upstream
>> accepted my PR [1], so best to fix our port, too!
>>
>> ok?


Honestly I thought we already patched this when you opened the pr!

>> As it was committed upstream I'd prefer to reference the commit than the
>> PR, so if somebody else updates they don't need to check whether it was
>> committed - I'd normally do that by copying the header (From/Date/Subject
>> lines) from the git patch 
>> https://github.com/love2d/love/commit/b2785df4373f0af13b0e3d518badae2f2beae8c5.patch
>> (or just linking to the commit works too)
>>
>> With that, OK


ok op@ too