From 9a96032e202a787779695962eecb2ed29a2338f8 Mon Sep 17 00:00:00 2001
From: mittorn
Date: Sat, 28 Oct 2023 10:13:25 +0300
Subject: [PATCH] ref_soft,ref_gl: fix unaligned read in sprite code
---
 ref/gl/gl_sprite.c | 29 +++++++++++++++++------------
 ref/soft/r_sprite.c | 26 +++++++++++++++-----------
 2 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/ref/gl/gl_sprite.c b/ref/gl/gl_sprite.c
index 6703a781..2622b2df 100644
--- a/ref/gl/gl_sprite.c
+++ b/ref/gl/gl_sprite.c
@@ -46,7 +46,7 @@ R_SpriteLoadFrame
 upload a single frame
 ====================
 */
-static const dframetype_t *R_SpriteLoadFrame( model_t *mod, const void *pin, mspriteframe_t **ppframe, int num )
+static const byte *R_SpriteLoadFrame( model_t *mod, const void *pin, mspriteframe_t **ppframe, int num )
 {
 dspriteframe_t pinframe;
 mspriteframe_t *pspriteframe;
@@ -82,7 +82,7 @@ static const dframetype_t *R_SpriteLoadFrame( model_t *mod, const void *pin, msp
 pspriteframe->gl_texturenum = gl_texturenum;
 *ppframe = pspriteframe;
- return ( const dframetype_t* )(( const byte* )pin + sizeof( dspriteframe_t ) + pinframe.width * pinframe.height * bytes );
+ return (( const byte* )pin + sizeof( dspriteframe_t ) + pinframe.width * pinframe.height * bytes );
 }
 /*
@@ -92,7 +92,7 @@ R_SpriteLoadGroup
 upload a group frames
 ====================
 */
-static const dframetype_t *R_SpriteLoadGroup( model_t *mod, const void *pin, mspriteframe_t **ppframe, int framenum )
+static const byte *R_SpriteLoadGroup( model_t *mod, const void *pin, mspriteframe_t **ppframe, int framenum )
 {
 const dspritegroup_t *pingroup;
 mspritegroup_t *pspritegroup;
@@ -128,9 +128,10 @@ static const dframetype_t *R_SpriteLoadGroup( model_t *mod, const void *pin, msp
 ptemp = R_SpriteLoadFrame( mod, ptemp, &pspritegroup->frames[i], framenum * 10 + i );
 }
- return (const dframetype_t *)ptemp;
+ return ptemp;
 }
+
 /*
 ====================
 Mod_LoadSpriteModel
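Review bot: The return expression in R_SpriteLoadFrame (hunk at -82 of ref/gl/gl_sprite.c, and the same line in ref/soft/r_sprite.c) advances the cursor by `pinframe.width * pinframe.height * bytes`, and nothing visible in the hunk bounds those values or the resulting pointer against the end of the sprite buffer. `pinframe` appears to hold header fields taken from the file, so a truncated or malformed sprite could, if the fields are not validated earlier in the function, move the pointer past the allocation, where Mod_LoadSpriteModel then reads the next frame header from it. The function body starts outside the hunk, so an existing check may simply be out of view; if there is none, reject non-positive or oversized dimensions before computing the offset and pass the buffer end down so the result can be compared with it. A short comment on the return, e.g. `// returns the first byte after this frame's pixel data`, would also document the new `const byte *` contract.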
@@ -142,7 +143,8 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 {
 const dsprite_t *pin;
 const short *numi = NULL;
- const dframetype_t *pframetype;
+ const byte *pframetype;
+ dframetype_t dframetype;
 msprite_t *psprite;
 int i;
@@ -152,7 +154,7 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 if( pin->version == SPRITE_VERSION_Q1 || pin->version == SPRITE_VERSION_32 )
 numi = NULL;
 else if( pin->version == SPRITE_VERSION_HL )
- numi = (const short *)(void *)((const byte*)buffer + sizeof( dsprite_hl_t ));
+ numi = (const short *)((const byte*)buffer + sizeof( dsprite_hl_t ));
 r_texFlags = texFlags;
 sprite_version = pin->version;
@@ -164,7 +166,7 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 rgbdata_t *pal;
 pal = gEngfuncs.FS_LoadImage( "#id.pal", (byte *)&i, 768 );
- pframetype = (const dframetype_t *)(void *)((const byte*)buffer + sizeof( dsprite_q1_t )); // pinq1 + 1
+ pframetype = ((const byte*)buffer + sizeof( dsprite_q1_t )); // pinq1 + 1
 gEngfuncs.FS_FreeImage( pal ); // palette installed, no reason to keep this data
 }
 else if( *numi == 256 )
@@ -186,7 +188,7 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 break;
 }
- pframetype = (const dframetype_t *)(void *)(src + 768);
+ pframetype = (const byte *)(src + 768);
 gEngfuncs.FS_FreeImage( pal ); // palette installed, no reason to keep this data
 }
 else
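Review bot: Dropping the `(void *)` cast in the hunk at -152 removes what looks like a cast-alignment warning suppressor, but `numi` is still a `const short *` that is dereferenced directly (`else if( *numi == 256 )` in the hunk at -164), so this read does not get the memcpy treatment the commit gives the frame type. Whether it can actually be misaligned depends on `sizeof( dsprite_hl_t )` and on the buffer's alignment, neither of which is visible here. For consistency with the fix, copy the value out instead, e.g. `short numcolors; memcpy( &numcolors, (const byte *)buffer + sizeof( dsprite_hl_t ), sizeof( numcolors ));`, and compare `numcolors == 256`. Mod_LoadSpriteModel's body extends beyond these hunks, so any other use of `numi` would need the same change.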
@@ -200,22 +202,25 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 for( i = 0; i < mod->numframes; i++ )
 {
- frametype_t frametype = pframetype->type;
+ frametype_t frametype;
+
+ memcpy( &dframetype, pframetype, sizeof( dframetype ));
+ frametype = dframetype.type;
 psprite->frames[i].type = (spriteframetype_t)frametype;
 switch( frametype )
 {
 case FRAME_SINGLE:
 Q_strncpy( group_suffix, "frame", sizeof( group_suffix ));
- pframetype = R_SpriteLoadFrame( mod, pframetype + 1, &psprite->frames[i].frameptr, i );
+ pframetype = R_SpriteLoadFrame( mod, pframetype + sizeof( dframetype_t ), &psprite->frames[i].frameptr, i );
 break;
 case FRAME_GROUP:
 Q_strncpy( group_suffix, "group", sizeof( group_suffix ));
- pframetype = R_SpriteLoadGroup( mod, pframetype + 1, &psprite->frames[i].frameptr, i );
+ pframetype = R_SpriteLoadGroup( mod, pframetype + sizeof( dframetype_t ), &psprite->frames[i].frameptr, i );
 break;
 case FRAME_ANGLED:
 Q_strncpy( group_suffix, "angle", sizeof( group_suffix ));
- pframetype = R_SpriteLoadGroup( mod, pframetype + 1, &psprite->frames[i].frameptr, i );
+ pframetype = R_SpriteLoadGroup( mod, pframetype + sizeof( dframetype_t ), &psprite->frames[i].frameptr, i );
 break;
 }
 if( pframetype == NULL ) break; // technically an error
diff --git a/ref/soft/r_sprite.c b/ref/soft/r_sprite.c
index e00205f0..70368e9d 100644
--- a/ref/soft/r_sprite.c
+++ b/ref/soft/r_sprite.c
@@ -46,7 +46,7 @@ R_SpriteLoadFrame
 upload a single frame
 ====================
 */
-static const dframetype_t *R_SpriteLoadFrame( model_t *mod, const void *pin, mspriteframe_t **ppframe, int num )
+static const byte *R_SpriteLoadFrame( model_t *mod, const void *pin, mspriteframe_t **ppframe, int num )
 {
 dspriteframe_t pinframe;
 mspriteframe_t *pspriteframe;
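Review bot: The `switch( frametype )` in the frame loop (hunk at -200 of ref/gl/gl_sprite.c, and identically in ref/soft/r_sprite.c) has no `default:` case, so a type value outside FRAME_SINGLE/FRAME_GROUP/FRAME_ANGLED, which now comes straight from the `memcpy` of file bytes, leaves `pframetype` where it was and the loop moves on to the next index without this loop having loaded anything for that slot. Adding `default: pframetype = NULL; break;` would route unknown types into the existing `if( pframetype == NULL ) break;` check. The `memcpy( &dframetype, pframetype, sizeof( dframetype ))` also reads with no visible comparison against the end of `buffer`; the function's signature is truncated in the hunk header, so a length may or may not be available to check against. The loop's closing brace is outside the hunk.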
@@ -82,7 +82,7 @@ static const dframetype_t *R_SpriteLoadFrame( model_t *mod, const void *pin, msp
 pspriteframe->gl_texturenum = gl_texturenum;
 *ppframe = pspriteframe;
- return ( const dframetype_t* )(( const byte* )pin + sizeof( dspriteframe_t ) + pinframe.width * pinframe.height * bytes );
+ return ( const byte* )(( const byte* )pin + sizeof( dspriteframe_t ) + pinframe.width * pinframe.height * bytes );
 }
 /*
@@ -92,7 +92,7 @@ R_SpriteLoadGroup
 upload a group frames
 ====================
 */
-static const dframetype_t *R_SpriteLoadGroup( model_t *mod, const void *pin, mspriteframe_t **ppframe, int framenum )
+static const void *R_SpriteLoadGroup( model_t *mod, const void *pin, mspriteframe_t **ppframe, int framenum )
 {
 const dspritegroup_t *pingroup;
 mspritegroup_t *pspritegroup;
@@ -128,7 +128,7 @@ static const dframetype_t *R_SpriteLoadGroup( model_t *mod, const void *pin, msp
 ptemp = R_SpriteLoadFrame( mod, ptemp, &pspritegroup->frames[i], framenum * 10 + i );
 }
- return (const dframetype_t *)ptemp;
+ return ptemp;
 }
 /*
@@ -142,7 +142,8 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 {
 const dsprite_t *pin;
 const short *numi = NULL;
- const dframetype_t *pframetype;
+ const byte *pframetype;
+ dframetype_t dframetype;
 msprite_t *psprite;
 int i;
@@ -164,7 +165,7 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 rgbdata_t *pal;
 pal = gEngfuncs.FS_LoadImage( "#id.pal", (byte *)&i, 768 );
- pframetype = (const dframetype_t *)((const byte*)buffer + sizeof( dsprite_q1_t )); // pinq1 + 1
+ pframetype = ((const byte*)buffer + sizeof( dsprite_q1_t )); // pinq1 + 1
 gEngfuncs.FS_FreeImage( pal ); // palette installed, no reason to keep this data
 }
 else if( *numi == 256 )
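Review bot: In ref/soft/r_sprite.c the hunk at -92 changes R_SpriteLoadGroup to return `const void *`, while R_SpriteLoadFrame in the same file and both loaders in ref/gl/gl_sprite.c return `const byte *`. The caller assigns the result to a `const byte *pframetype`, which C converts implicitly, so this compiles, but the two renderers no longer have parallel signatures and a `void *` return gives later pointer arithmetic nothing well-defined to work with. Suggest `static const byte *R_SpriteLoadGroup( model_t *mod, const void *pin, mspriteframe_t **ppframe, int framenum )` to match the gl file. The return in the hunk at -82 also keeps an outer `( const byte* )` cast around an expression that is already `const byte *`; the gl version dropped it.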
@@ -186,7 +187,7 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 break;
 }
- pframetype = (const dframetype_t *)(src + 768);
+ pframetype = (const byte *)(src + 768);
 gEngfuncs.FS_FreeImage( pal ); // palette installed, no reason to keep this data
 }
 else
@@ -200,22 +201,25 @@ void Mod_LoadSpriteModel( model_t *mod, const void *buffer, qboolean *loaded, ui
 for( i = 0; i < mod->numframes; i++ )
 {
- frametype_t frametype = pframetype->type;
+ frametype_t frametype;
+
+ memcpy( &dframetype, pframetype, sizeof( dframetype ));
+ frametype = dframetype.type;
 psprite->frames[i].type = (spriteframetype_t)frametype;
 switch( frametype )
 {
 case FRAME_SINGLE:
 Q_strncpy( group_suffix, "frame", sizeof( group_suffix ));
- pframetype = R_SpriteLoadFrame( mod, pframetype + 1, &psprite->frames[i].frameptr, i );
+ pframetype = R_SpriteLoadFrame( mod, pframetype + sizeof( dframetype_t ), &psprite->frames[i].frameptr, i );
 break;
 case FRAME_GROUP:
 Q_strncpy( group_suffix, "group", sizeof( group_suffix ));
- pframetype = R_SpriteLoadGroup( mod, pframetype + 1, &psprite->frames[i].frameptr, i );
+ pframetype = R_SpriteLoadGroup( mod, pframetype + sizeof( dframetype_t ), &psprite->frames[i].frameptr, i );
 break;
 case FRAME_ANGLED:
 Q_strncpy( group_suffix, "angle", sizeof( group_suffix ));
- pframetype = R_SpriteLoadGroup( mod, pframetype + 1, &psprite->frames[i].frameptr, i );
+ pframetype = R_SpriteLoadGroup( mod, pframetype + sizeof( dframetype_t ), &psprite->frames[i].frameptr, i );
 break;
 }
 if( pframetype == NULL ) break; // technically an error