From d61eb7edeeded1c230148b3b6742a47fe508a80f Mon Sep 17 00:00:00 2001
From: mazmazz
Date: Mon, 31 Dec 2018 01:26:25 -0500
Subject: [PATCH 1/3] Increase ChangeControl text buffer to resolve buffer overflow with System Menu/GIF control config
---
 src/m_menu.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/m_menu.c b/src/m_menu.c
index 266bc251..16015078 100644
--- a/src/m_menu.c
+++ b/src/m_menu.c
@@ -7516,7 +7516,7 @@ static void M_DrawControl(void)
 }
 static INT32 controltochange;
-static char controltochangetext[55];
+static char controltochangetext[33];
 static void M_ChangecontrolResponse(event_t *ev)
 {
@@ -7588,7 +7588,8 @@ static void M_ChangecontrolResponse(event_t *ev)
 }
 else if (ch == KEY_PAUSE)
 {
- static char tmp[155];
+ // This buffer assumes a 100-character message plus a 32-character control name (per controltochangetext buffer size)
+ static char tmp[133];
 menu_t *prev = currentMenu->prevMenu;
 if (controltochange == gc_pause)
@@ -7612,12 +7613,14 @@ static void M_ChangecontrolResponse(event_t *ev)
 static void M_ChangeControl(INT32 choice)
 {
- static char tmp[55];
+ // This buffer assumes a 35-character message (per below) plus a max control name limit of 32 chars (per controltochangetext)
+ // If you change the below message, then change the size of this buffer!
+ static char tmp[68];
 controltochange = currentMenu->menuitems[choice].alphaKey;
 sprintf(tmp, M_GetText("Hit the new key for\n%s\nESC for Cancel"), currentMenu->menuitems[choice].text);
- strncpy(controltochangetext, currentMenu->menuitems[choice].text, 55);
+ strlcpy(controltochangetext, currentMenu->menuitems[choice].text, 33);
 M_StartMessage(tmp, M_ChangecontrolResponse, MM_EVENTHANDLER);
 }
From c97dc5d3c421299757811fcbf610071de327c4f3 Mon Sep 17 00:00:00 2001
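Review bot: The `sprintf` into `tmp[68]` in M_ChangeControl is still unbounded: the new size holds only while the message stays at 35 characters and `menuitems[choice].text` never exceeds 32, and neither is enforced. The format string goes through `M_GetText`, so a longer translation (if translations are in use) or a longer menu label would overrun the buffer again. Bounding the write removes the dependency on the hand count: `snprintf(tmp, sizeof tmp, M_GetText("Hit the new key for\n%s\nESC for Cancel"), currentMenu->menuitems[choice].text);`. The `strlcpy` length should likewise be `sizeof controltochangetext` rather than a second literal `33` that has to be kept in step with the declaration in the first hunk. The same hand-counted sizing is applied to `tmp[133]` in the M_ChangecontrolResponse hunk, whose write lies outside the hunk, and [PATCH 2/3] already has to re-count it to 158, so that write presumably wants the same `sizeof tmp` bound.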
From: Digiku
Date: Fri, 4 Jan 2019 19:38:36 -0500
Subject: [PATCH 2/3] Increase M_ChangecontrolResponse message buffer by 25 chars
---
 src/m_menu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/m_menu.c b/src/m_menu.c
index 16015078..c241a088 100644
--- a/src/m_menu.c
+++ b/src/m_menu.c
@@ -7588,8 +7588,8 @@ static void M_ChangecontrolResponse(event_t *ev)
 }
 else if (ch == KEY_PAUSE)
 {
- // This buffer assumes a 100-character message plus a 32-character control name (per controltochangetext buffer size)
- static char tmp[133];
+ // This buffer assumes a 125-character message plus a 32-character control name (per controltochangetext buffer size)
+ static char tmp[158];
 menu_t *prev = currentMenu->prevMenu;
 if (controltochange == gc_pause)
From b18a8dbc8dd1e721a758f5e96a6f34c2e526b2b2 Mon Sep 17 00:00:00 2001
From: Sryder
Date: Sun, 20 Jan 2019 18:49:46 +0000
Subject: [PATCH 3/3] Disable the APNG code if the version of libpng is greater than 1.4. Since supposedly the current code *can't* work with newer versions of libpng that have the apng patch, it won't compile if that's what people have. It seems like some distros are adding the apng patch to libpng and that'll make things annoying to compile for people. I think it goes without saying, but if there's ever a fix to make newer libpng versions work with the APNG code then this can be reverted.
---
 src/m_misc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/m_misc.c b/src/m_misc.c
index 7dd0d822..c99fa173 100644
--- a/src/m_misc.c
+++ b/src/m_misc.c
@@ -93,7 +93,9 @@ typedef off_t off64_t;
 #ifdef PNG_WRITE_SUPPORTED
 #define USE_PNG // Only actually use PNG if write is supported.
 #if defined (PNG_WRITE_APNG_SUPPORTED) //|| !defined(PNG_STATIC)
- #define USE_APNG
+ #if (PNG_LIBPNG_VER_MAJOR) == 1 && (PNG_LIBPNG_VER_MINOR <= 4) // Supposedly, the current APNG code can't work on newer versions as is
+ #define USE_APNG
+ #endif
 #endif // See hardware/hw_draw.c for a similar check to this one.
 #endif
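Review bot: The new guard `#if (PNG_LIBPNG_VER_MAJOR) == 1 && (PNG_LIBPNG_VER_MINOR <= 4)` drops APNG support silently on newer libpng, and nothing in the build tells the person compiling why the feature is gone. An `#else` branch carrying a short comment that names the unsupported libpng range would make the fallback visible. The two operands are also parenthesised differently; libpng's single `PNG_LIBPNG_VER` number expresses nearly the same cutoff more plainly as `#if PNG_LIBPNG_VER < 10500`. The nearby comment points at a similar check in hardware/hw_draw.c, which is outside this diff, so it is worth confirming whether that file needs the same version gate.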