src/video/SDL_bmp.c


Log

Author Commit Date CI Message
Sylvain Becker 1b5e3c19 2019-09-05T10:08:47 SDL_bmp.c: remove unused variable warnings
Sam Lantinga 892c8d50 2019-09-03T11:55:20 Fixed bug 4536 - Heap-Buffer Overflow in SDL_GetRGB pertaining to SDL_pixels.c Ozkan Sezer As for the issue: This bmp reports bpp=0, therefore SDL_CalculatePitch() returns pitch==0, which is then fed to SDL_malloc() (which is malloc()) and malloc(0) returns _something_ which is not NULL but not something that we expect.. Then testsprite.c:LoadSprite() accesses the pixels as *(Uint8*)pixels which valgrind reports as: ==15533== Invalid read of size 1 ==15533== at 0x8048C08: LoadSprite (testsprite.c:45) ==15533== by 0x80492FC: main (testsprite.c:224) ==15533== Address 0x449e588 is 0 bytes after a block of size 0 alloc'd ==15533== at 0x40072B2: malloc (vg_replace_malloc.c:270) ==15533== by 0x4045719: SDL_CreateRGBSurface (SDL_surface.c:126) ==15533== by 0x40403C1: SDL_LoadBMP_RW (SDL_bmp.c:237) ==15533== by 0x8048BB2: LoadSprite (testsprite.c:36) ==15533== by 0x80492FC: main (testsprite.c:224) Besides, valgrind also reports this: ==15533== Conditional jump or move depends on uninitialised value(s) ==15533== at 0x40403F3: SDL_LoadBMP_RW (SDL_bmp.c:247) ==15533== by 0x8048BB2: LoadSprite (testsprite.c:36) ==15533== by 0x80492FC: main (testsprite.c:224) Easy/quick solution would be early-rejecting a bmp with 0 bpp from SDL_bmp.c:SDL_LoadBMP_RW()
Ozkan Sezer b21338eb 2019-09-02T12:35:00 SDL_bmp.c: restore most of the original formatting.
Sylvain Becker 6c295129 2019-08-31T22:58:11 LoadBMP: fix some warnings
Sylvain Becker 830979c5 2019-08-31T22:52:15 LoadBMP: use code from SDL_image which allows loading compressed BMP files
Sam Lantinga 97fefd05 2019-07-30T11:00:00 Fixed bug 4538 - validate image size when loading BMP files
Sam Lantinga b2e76d86 2019-03-19T16:52:09 Fixed Windows RT build
Sam Lantinga 8bc59f87 2019-03-16T18:34:33 Fixed CVE-2019-7635 and bug 4498 - Heap-Buffer Overflow in Blit1to4 pertaining to SDL_blit_1.c Petr Pisar The root cause is that the POC BMP file declares 3 colors used and 4 bpp palette, but pixel at line 28 and column 1 (counted from 0) has color number 3. Then when the image loaded into a surface is passed to SDL_DisplayFormat(), in order to convert it to a video format, a used blitting function looks up a color number 3 in a 3-element long color blitting map. (The map obviously has the same number entries as the surface format has colors.) Proper fix should refuse broken BMP images that have a pixel with a color index higher than declared number of "used" colors. Possibly more advanced fix could try to relocate the out-of-range color index into a vacant index (if such exists).
Sam Lantinga ea4c4cfc 2019-02-18T07:50:33 Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c Petr Pisar The reproducer has these data in BITMAPINFOHEADER: biSize = 40 biBitCount = 8 biClrUsed = 131075 SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color palette is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
Sam Lantinga 5e13087b 2019-01-04T22:01:14 Updated copyright for 2019
Sam Lantinga e3cc5b2c 2018-01-03T10:03:25 Updated copyright for 2018
Ryan C. Gordon ca0bf151 2017-03-03T16:38:17 Fix some more compiler warnings on armcc.
Sam Lantinga 45b774e3 2017-01-01T18:33:28 Updated copyright for 2017
Sam Lantinga 0d24495b 2016-11-15T01:24:58 Removed unused constants Except for SDL_bmp.c where they are historically interesting and I've left them in.
Sam Lantinga 57d01d7d 2016-11-13T22:57:41 Patch from Sylvain to fix clang warnings
Sam Lantinga 36e40d30 2016-10-11T23:19:05 Fixed bug 2923 - Add SDL_PIXELFORMAT_RGBA32 for byte-wise 32bit RGBA data Daniel Gibson Ok, I followed the simple approach of just making SDL_PIXELFORMAT_RGBA32 an alias of SDL_PIXELFORMAT_RGBA8888/SDL_PIXELFORMAT_ABGR8888, depending on endianness. And I did the same for SDL_PIXELFORMAT_ARGB32, .._BGRA, .._ABGR. SDL_GetPixelFormatName() will of course return SDL_PIXELFORMAT_RGBA8888 (or SDL_PIXELFORMAT_ABGR8888) instead of SDL_PIXELFORMAT_RGBA32, but as long as that's mentioned in the docs it shouldn't be a problem.
Sam Lantinga 27d4f099 2016-10-07T23:40:44 Implemented SDL_GetHintBoolean() to make it easier to check boolean hints
Sam Lantinga 9fff05f8 2016-10-01T11:29:13 Fixed bug 3352 - Adding alpha mask support to SDL_SaveBMP_RW Simon Hug The current SDL_SaveBMP_RW function that saves surfaces to a BMP uses an old bitmap header which doesn't officially support alpha channels. Applications just ignore the byte where the alpha is stored. This can easily be extended by using a newer header version and setting the alpha mask. The attached patch has these changes: - Extending the description of the function in the SDL_surface.h header with the supported formats. - Refining when surfaces get stored to a 32-bit BMP. (Must have bit depth of 8 or higher and must have an alpha mask or colorkey.) - Fixing a small bug that saves 24-bit BGR surfaces with a colorkey in a 24-bit BMP. - Adding code that switches to the bitmap header version 4 if the surface has an alpha mask or colorkey. (I chose version 4 because Microsoft didn't lose its documentation behind a file cabinet like they did with version 3.) - Adding a hint that can disable the use of the version 4 header. This is for people that need the legacy header or like the old behavior better. (I'm not sure about the hint name, though. May need changing if there are any rules to that.)
Sam Lantinga 42065e78 2016-01-02T10:10:34 Updated copyright to 2016
Philipp Wiesemann 0e45984f 2015-06-21T17:33:46 Fixed crash if initialization of EGL failed but was tried again later. The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly uninitialized data structure if loading the library first failed. A later try to use EGL then skipped initialization and assumed it was previously successful because the data structure now already existed. This led to at least one crash in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was dereferenced to make a call to eglBindAPI().
Sam Lantinga 2c4a6ea0 2015-05-26T06:27:46 Updated the copyright year to 2015
Ryan C. Gordon b72938c8 2015-04-20T12:22:44 Windows: Always set the system timer resolution to 1ms by default. An existing hint lets apps that don't need the timer resolution changed avoid this, to save battery, etc, but this fixes several problems in timing, audio callbacks not firing fast enough, etc. Fixes Bugzilla #2944.
Philipp Wiesemann 5a578a07 2015-04-16T22:04:35 Fixed return value of SDL_SaveBMP_RW() depending on set errors after NULL input. If SDL_SaveBMP_RW() was called with NULL passed as SDL_RWops argument, different values were returned depending on SDL_GetError(). If no error was set before the call (or SDL_ClearError() was called) then 0 was returned. This is wrong because nothing was saved. If an error was set before the call then -1 was returned. This was fixed by directly returning -1 for NULL input instead of deciding based on SDL_GetError(). No new error is set because this would otherwise override a maybe more useful error set in SDL_RWFromFile() which is used by SDL_SaveBMP().
Alex Szpakowski fe6c797c 2015-04-10T23:30:31 Fixed an iOS view orientation issue when SDL_GL_CreateContext or SDL_CreateRenderer is called.
Edward Rudd b88ca1b4 2015-02-10T16:28:56 the last parameter of XChangeProperty is the number of elements.. and when the element format is 32.. the element is "long" so we have 5 long elements here. Yes this seems confusing as on mac+linux Long is either 32 or 64bits depending on the architecture, but this is how the X11 protocol is defined. Thus 5 is the correct value for the nelts here. Not 5 or 10 depending on the architecture. More info on the confusion https://bugs.freedesktop.org/show_bug.cgi?id=16802
Philipp Wiesemann e3f9bf33 2015-02-08T22:50:16 Fixed two inconsistencies on failed allocation.
Philipp Wiesemann fe586d07 2015-02-08T21:25:37 Fixed three memory leaks on failed allocation.
Philipp Wiesemann b48e54aa 2015-01-26T22:00:29 Fixed bug 2802 - [patch] Fix android build compiling in wrong filesystem implementation Jonas Kulla The configure script didn't differentiate between Linux and Android, unconditionally compiling in the unix implementation of SDL_sysfilesystem.c. I'm probably one of the very few people building SDL for android using classic configure + standalone toolchain, so this has gone undetected all along.
David Ludwig 70438be2 2014-12-03T10:55:23 WinRT: fixed bug whereby SDL would override an app's default orientation WinRT apps can set a default, preferred orientation via a .appxmanifest file. SDL was overriding this on app startup, and making the app use all possible orientations (landscape and portrait). Thanks to Eric Wing for the heads up on this!
Philipp Wiesemann 9c398852 2014-11-22T22:20:40 Corrected header file documentation comment.
Pierre-Loup A. Griffais 24c86b55 2014-09-11T19:24:42 [X11] Reconcile logical keyboard state with physical state on FocusIn since the window system doesn't do it for us like other platforms. This prevents sticky keys and missed keys when going in and out of focus, for example Alt would appear to stick if switching away from an SDL app with Alt-Tab and had to be pressed again. CR: Sam
Ryan C. Gordon bcaae0b5 2014-09-08T01:36:22 Deal with various .bmp file format variants in SDL_LoadBMP_RW(). This helps when modern versions of The Gimp (and lots of other things) produce a 32-bit bitmap with an alpha channel, or anything with "BI_BITFIELDS" format, since that data is now embedded in the bitmap info header instead of directly following it and we would accidentally skip over embedded versions of it. Fixes Bugzilla #2714.
Ryan C. Gordon f7461cdc 2014-07-09T00:09:57 The Gimp puts out a different bogus color mask for 32-bit .bmp files. :)
Ryan C. Gordon a91f1a1a 2014-07-09T00:01:34 Make SDL_LoadBMP() work with 32-bit bitmaps from ImageMagick.
David Ludwig 3dcb451f 2014-04-09T21:29:19 Added a README file regarding WinRT support To note, this file is currently formatted with CRLF line endings, rather than LF, to allow the file to be viewed with Notepad.
Ryan C. Gordon dd81dad1 2014-03-24T07:12:26 Added an assert to help static analyzer.
Sam Lantinga 58edac3e 2014-02-02T00:53:27 Fixed bug 2374 - Update copyright for 2014... Is it that time already??
Gabriel Jacobo f848adff 2013-11-29T10:06:08 Improve Android pause/resume behavior.
Ryan C. Gordon 7e1289af 2013-11-24T23:56:17 Make internal SDL sources include SDL_internal.h instead of SDL_config.h The new header will include SDL_config.h, but allows for other global stuff.
Sam Lantinga 550676d0 2013-11-09T00:56:05 Fixed signed/unsigned warning
Sam Lantinga 95c67ed9 2013-11-07T19:15:58 Fixed bug 2219 - BMP loader do not handle big BITMAPINFOHEADER structure Patrice Mandin I encountered a problem trying to load a 8-bit paletted BMP file using SDL. This file was generated using GIMP 2.8. It has a big BITMAPINFOHEADER (0x6c bytes for biSize field), and thus the palette is incorrectly setup.
Sam Lantinga 3e2930de 2013-08-29T08:29:51 Christoph Mallon: Remove pointless if (x) before SDL_FreeSurface(x)
Gabriel Jacobo 1e49b1ed 2013-08-21T09:47:10 OCD fixes: Adds a space after /* (glory to regular expressions!)
Gabriel Jacobo 695344d1 2013-08-21T09:43:09 OCD fixes: Adds a space before */
Gabriel Jacobo dad42067 2013-08-12T11:13:50 Fixes #2022, do not resume on Android when surfaceChanged If the app is in landscape mode and the user presses the power button, a pause is followed immediately by a surfaceChanged event because the lock screen is shown in portrait mode. This triggers a "false" resume. So, we just pause and resume following the onWindowFocusChanged events. Also, wait for SDL_APP_WILLENTERBACKGROUND and SDL_APP_DIDENTERBACKGROUND before blocking the event pump.
Sam Lantinga 1ad936eb 2013-08-11T19:56:43 Fixed bug 2027 - Full-screen appears to be broken - hang in SDL_DestroyWindow() Rainer Deyke I'm running Linux Mint 15 with the Cinnamon window manager. SDL_DestroyWindow consistently locks up for me when the window is fullscreen.
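
The three loader checks proposed in the messages for 892c8d50 (reject bpp 0), ea4c4cfc (reject biClrUsed greater than 2^biBitCount) and 8bc59f87 (reject a pixel index at or above the number of colors used), written out as an added example; this is not SDL's code. The type and function names are hypothetical, rejecting depths above 32 is an assumption, and the sample row is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; only the two BITMAPINFOHEADER fields the log discusses. */
typedef struct { uint16_t biBitCount; uint32_t biClrUsed; } bmp_info;
typedef enum { BMP_OK, BMP_BAD_BPP, BMP_BAD_PALETTE, BMP_SHORT_ROW, BMP_BAD_INDEX } bmp_status;

/* Header check: on success *ncolors is the palette size (0 if not paletted). */
bmp_status bmp_check_header(const bmp_info *h, uint32_t *ncolors)
{
    *ncolors = 0;
    /* bpp 0 gives pitch 0 and a zero-byte pixel buffer; >32 rejected as an assumption */
    if (h->biBitCount == 0 || h->biBitCount > 32)
        return BMP_BAD_BPP;
    if (h->biBitCount <= 8) {
        uint32_t max = 1u << h->biBitCount;           /* palette size the surface gets */
        if (h->biClrUsed > max)
            return BMP_BAD_PALETTE;                   /* reading them would overrun it */
        *ncolors = h->biClrUsed ? h->biClrUsed : max; /* 0 means all 2^bpp entries */
    }
    return BMP_OK;
}

/* Row check for paletted data, indices packed most significant bits first. */
bmp_status bmp_check_row(const uint8_t *row, size_t row_len, uint32_t width,
                         uint16_t bpp, uint32_t ncolors)
{
    if (bpp == 0 || bpp > 8 || 8 % bpp != 0)
        return BMP_BAD_BPP;
    if (((uint64_t)width * bpp + 7) / 8 > row_len)
        return BMP_SHORT_ROW;                         /* never read past the row buffer */
    uint32_t per_byte = 8u / bpp;                     /* pixels packed into one byte */
    uint32_t mask = (1u << bpp) - 1u;
    for (uint32_t x = 0; x < width; x++) {
        uint32_t shift = (per_byte - 1 - x % per_byte) * bpp;
        if (((row[x / per_byte] >> shift) & mask) >= ncolors)
            return BMP_BAD_INDEX;                     /* index outside the used colors */
    }
    return BMP_OK;
}

int main(void)
{
    bmp_info big = { 8, 131075 };   /* field values quoted in the bug 4500 message */
    uint8_t row[] = { 0x03 };       /* constructed: 4 bpp row holding indices 0 and 3 */
    uint32_t n;
    printf("%d %d\n", (int)bmp_check_header(&big, &n), (int)bmp_check_row(row, 1, 2, 4, 3));
    return 0;
}
```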