From 4b14c18d1334d65c6b1949dfbb554037448fd59f Mon Sep 17 00:00:00 2001
From: Hubert Jarosz
Date: Sun, 28 Feb 2016 20:20:59 +0100
Subject: fix possible crash in platform/x11/joystick_linux.cpp

ev may be tainted and out of MAX_KEY range, which will cause joy->key_map[ev.code] to crash
---
 platform/x11/joystick_linux.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/platform/x11/joystick_linux.cpp b/platform/x11/joystick_linux.cpp
index 9a52c4ff36..0615f33f96 100644
--- a/platform/x11/joystick_linux.cpp
+++ b/platform/x11/joystick_linux.cpp
@@ -429,6 +429,12 @@ uint32_t joystick_linux::process_joysticks(uint32_t p_event_id) {
 for (int j = 0; j < len; j++) {
 input_event &ev = events[j];
+
+ // ev may be tainted and out of MAX_KEY range, which will cause
+ // joy->key_map[ev.code] to crash
+ if( ev.code < 0 || ev.code >= MAX_KEY )
+ return p_event_id;
+
 switch (ev.type) {
 case EV_KEY:
 p_event_id = input->joy_button(p_event_id, i, joy->key_map[ev.code], ev.value);
-- 
cgit v1.2.3

From 96d6a74e25976c64657c5a060494e667d4ab3643 Mon Sep 17 00:00:00 2001
From: Hubert Jarosz
Date: Sun, 28 Feb 2016 20:32:36 +0100
Subject: fix possible crash in tools/editor/spatial_editor_gizmos.cpp

spatial_node and base where uninitialized, which could lead to crash
---
 tools/editor/spatial_editor_gizmos.cpp | 4 ++--
 tools/editor/spatial_editor_gizmos.h | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/tools/editor/spatial_editor_gizmos.cpp b/tools/editor/spatial_editor_gizmos.cpp
index d4bc701dad..3414e80482 100644
--- a/tools/editor/spatial_editor_gizmos.cpp
+++ b/tools/editor/spatial_editor_gizmos.cpp
@@ -708,7 +708,8 @@ void EditorSpatialGizmo::_bind_methods() {
 EditorSpatialGizmo::EditorSpatialGizmo() {
 valid=false;
 billboard_handle=false;
-
+ base=NULL;
+ spatial_node=NULL;
 }
 EditorSpatialGizmo::~EditorSpatialGizmo(){
@@ -3219,4 +3220,3 @@ SpatialEditorGizmos::SpatialEditorGizmos() {
 }
-
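Review bot: The `ev.code < 0` half of the new guard can never be true, because `input_event::code` is an unsigned 16-bit field (`__u16`) in linux/input.h, so only `>= MAX_KEY` does any work and the comparison will draw a compiler warning. More importantly, `return p_event_id;` on a single malformed event abandons the rest of this read batch (the `for j < len` loop) and, if the enclosing loop over joysticks continues past the hunk, every remaining device in this pass. Since `key_map` is only indexed in the `EV_KEY` case, the bound check belongs there and should skip just the offending event: `case EV_KEY:` / `if (ev.code >= MAX_KEY) break;` / `p_event_id = input->joy_button(p_event_id, i, joy->key_map[ev.code], ev.value);`. Placing it before the `switch` also drops events of other types whose code space may legitimately exceed `MAX_KEY` (inferred — the other cases are outside the hunk). `process_joysticks` continues outside the hunk.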
diff --git a/tools/editor/spatial_editor_gizmos.h b/tools/editor/spatial_editor_gizmos.h
index 346e360225..0162bcbf79 100644
--- a/tools/editor/spatial_editor_gizmos.h
+++ b/tools/editor/spatial_editor_gizmos.h
@@ -491,4 +491,3 @@ public:
 };
 #endif // SPATIAL_EDITOR_GIZMOS_H
-
-- 
cgit v1.2.3

From 19ea9ae1e5ad51e22c32d4f6593e93c7ef58f491 Mon Sep 17 00:00:00 2001
From: Hubert Jarosz
Date: Sun, 28 Feb 2016 20:37:43 +0100
Subject: fix possible crash in tools/editor/editor_import_export.cpp

da could be NULL, and dereferencing NULL could lead to crash
---
 tools/editor/editor_import_export.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tools/editor/editor_import_export.cpp b/tools/editor/editor_import_export.cpp
index a1fe875287..e02ffd337b 100644
--- a/tools/editor/editor_import_export.cpp
+++ b/tools/editor/editor_import_export.cpp
@@ -281,6 +281,7 @@ static void _edit_filter_list(Set& r_list,const String& p_filter,boo
 }
 DirAccess *da = DirAccess::open("res://");
+ ERR_FAIL_NULL(da);
 _edit_files_with_filter(da,filters,r_list,exclude);
 memdelete(da);
 }
@@ -2217,5 +2218,3 @@ EditorImportExport::~EditorImportExport() {
 }
-
-
-- 
cgit v1.2.3

From bf7f9244a95962c9833e68743726fe83a00b732c Mon Sep 17 00:00:00 2001
From: Hubert Jarosz
Date: Mon, 29 Feb 2016 23:36:19 +0100
Subject: fix two reading uninitialized pointers

fixed in: tools/editor/project_settings.cpp scene/gui/graph_edit.cpp
---
 scene/gui/graph_edit.cpp | 2 +-
 tools/editor/project_settings.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scene/gui/graph_edit.cpp b/scene/gui/graph_edit.cpp
index c9c9dbd1d2..9123194589 100644
--- a/scene/gui/graph_edit.cpp
+++ b/scene/gui/graph_edit.cpp
@@ -617,7 +617,7 @@ void GraphEdit::_input_event(const InputEvent& p_ev) {
 if (b.button_index==BUTTON_LEFT && b.pressed) {
- GraphNode *gn;
+ GraphNode *gn = NULL;
 for(int i=get_child_count()-1;i>=0;i--) {
 gn=get_child(i)->cast_to();
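Review bot: Initialising `gn` to NULL only turns the uninitialised read into a defined value; whether it stops a crash depends on the code after the `for` loop testing `gn` before dereferencing it, and both the loop body and that use are outside the hunk, so it is worth confirming a check such as `if (!gn) return;` exists there (otherwise the cases `get_child_count()==0`, or no child casting to `GraphNode`, now dereference a null pointer deterministically instead of garbage). The same applies to `TreeItem *swap = NULL;` in the project_settings.cpp hunk of this commit, where the visible `if (p_button==1)` branch is the only assignment shown and any later `swap->` use needs the same guard. `_input_event` continues outside the hunk.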
diff --git a/tools/editor/project_settings.cpp b/tools/editor/project_settings.cpp
index 88833e4963..4a7388fd54 100644
--- a/tools/editor/project_settings.cpp
+++ b/tools/editor/project_settings.cpp
@@ -966,7 +966,7 @@ void ProjectSettings::_autoload_delete(Object *p_item,int p_column, int p_button
 undo_redo->commit_action();
 } else {
- TreeItem *swap;
+ TreeItem *swap = NULL;
 if (p_button==1) {
 swap=ti->get_prev();
-- 
cgit v1.2.3

From 7b07bcaf449ea6cf52c2ac501e48cddbe4bde035 Mon Sep 17 00:00:00 2001
From: Hubert Jarosz
Date: Tue, 1 Mar 2016 00:08:33 +0100
Subject: fix six possible "divide by zero"

---
 scene/3d/navigation.cpp | 8 +++++---
 scene/gui/color_picker.cpp | 6 ++++--
 servers/visual/visual_server_raster.cpp | 7 ++++---
 tools/editor/plugins/editor_preview_plugins.cpp | 6 +++++-
 tools/editor/plugins/script_editor_plugin.cpp | 4 ++--
 tools/editor/plugins/spatial_editor_plugin.cpp | 7 +++----
 6 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/scene/3d/navigation.cpp b/scene/3d/navigation.cpp
index 186f0d8e00..2b74d43ad2 100644
--- a/scene/3d/navigation.cpp
+++ b/scene/3d/navigation.cpp
@@ -64,7 +64,11 @@ void Navigation::_navmesh_link(int p_id) {
 continue;
 }
- p.center=center/plen;
+ p.center = center;
+ if( plen != 0 ) {
+ p.center /= plen;
+ }
+
 //connect
@@ -721,5 +725,3 @@ Navigation::Navigation() {
 last_id=1;
 up=Vector3(0,1,0);
 }
-
-
diff --git a/scene/gui/color_picker.cpp b/scene/gui/color_picker.cpp
index f8f8b1f6d1..bd24b43761 100644
--- a/scene/gui/color_picker.cpp
+++ b/scene/gui/color_picker.cpp
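Review bot: When `plen` is zero the new code leaves `p.center` equal to the raw accumulator `center` rather than a mean and then proceeds to the `//connect` step with it. If a polygon with no points can reach this line, skipping it the way the preceding `continue` branch does seems more appropriate than linking it with an unnormalised centre, e.g. `if (plen == 0) continue;` / `p.center = center / plen;`; if it cannot, the new branch is dead code and a one-line comment stating why `plen` is non-zero here would help. `_navmesh_link` continues before and after the hunk.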
@@ -361,7 +361,10 @@ void ColorPicker::_preset_input(const InputEvent &ev) {
 emit_signal("color_changed", color);
 } else if (ev.type == InputEvent::MOUSE_MOTION) {
 const InputEventMouse &mev = ev.mouse_motion;
- int index = mev.x/(preset->get_size().x/presets.size());
+ int index = mev.x * presets.size();
+ if( preset->get_size().x != 0 ) {
+ index /= preset->get_size().x;
+ }
 if (index<0 || index >= presets.size()) return;
 preset->set_tooltip("Color: #"+presets[index].to_html(presets[index].a<1)+"\n"
@@ -684,4 +687,3 @@ ColorPickerButton::ColorPickerButton() {
 picker->connect("color_changed",this,"_color_changed");
 add_child(popup);
 }
-
diff --git a/servers/visual/visual_server_raster.cpp b/servers/visual/visual_server_raster.cpp
index c9695b7859..2ce0c9a360 100644
--- a/servers/visual/visual_server_raster.cpp
+++ b/servers/visual/visual_server_raster.cpp
@@ -5667,7 +5667,10 @@ void VisualServerRaster::_instance_validate_autorooms(Instance *p_geometry) {
 int pass = room->room_info->room->bounds.get_points_inside(dst_points,point_count);
- float ratio = (float)pass / point_count;
+ float ratio = pass;
+ if( point_count != 0 ) {
+ ratio /= (float)point_count;
+ }
 if (ratio>0.5) // should make some constant
 p_geometry->valid_auto_rooms.insert(room);
@@ -7670,5 +7673,3 @@ VisualServerRaster::VisualServerRaster(Rasterizer *p_rasterizer) {
 VisualServerRaster::~VisualServerRaster() {
 }
-
-
diff --git a/tools/editor/plugins/editor_preview_plugins.cpp b/tools/editor/plugins/editor_preview_plugins.cpp
index f3b5272571..12d50cd4b8 100644
--- a/tools/editor/plugins/editor_preview_plugins.cpp
+++ b/tools/editor/plugins/editor_preview_plugins.cpp
@@ -725,7 +725,11 @@ Ref EditorSamplePreviewPlugin::generate(const RES& p_from) {
 } else {
 half=1;
 ofs=h/2;
- v = ((j-(h/2))/(float)(h/2)) * 2.0 - 1.0;
+ if( (float)(h/2) != 0 ) {
+ v = ((j-(h/2))/(float)(h/2)) * 2.0 - 1.0;
+ } else {
+ v = ((j-(h/2))/(float)(1/2)) * 2.0 - 1.0;
+ }
 }
 uint8_t* imgofs = &imgw[(j*w+i)*3];
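Review bot: The new index computation truncates twice: `int index = mev.x * presets.size();` drops the fraction of the product, and `index /= preset->get_size().x;` converts the int back to float, divides and truncates again, which is harder to follow than the original single division and can differ from it by one when `mev.x` is not integral (it appears to be a float coordinate — confirm). Doing the arithmetic in float once and bailing out when the control has no width reads more directly: `float w = preset->get_size().x;` / `if (w == 0) return;` / `int index = mev.x * presets.size() / w;`. With zero width the hunk as written still falls through to the range check with `index` holding the unscaled product, so the early return only changes behaviour in that degenerate case. `_preset_input` continues outside the hunk.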
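Review bot: With `point_count == 0`, `ratio` is left holding the raw count `pass` rather than a ratio, and the `ratio>0.5` test stays correct only if `get_points_inside` returns 0 for an empty point set — plausible, but not visible in the hunk. A conditional expression states the intent in one line and makes the zero case explicit: `float ratio = point_count != 0 ? (float)pass / point_count : 0.0f;`. `_instance_validate_autorooms` continues outside the hunk.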
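Review bot: The `else` branch added for the `h/2 == 0` case still divides by zero: `(float)(1/2)` performs the integer division first, so it evaluates to `0.0f` and `v` becomes infinite (or NaN when `j-(h/2)` is also zero) rather than using the denominator of one half the author presumably intended. The guard itself is written as `(float)(h/2) != 0`, which for an integer `h` is just `h >= 2`. Computing the denominator once fixes both and removes the duplicated expression: `const float denom = (h/2 != 0) ? (float)(h/2) : 0.5f;` / `v = ((j-(h/2))/denom) * 2.0 - 1.0;`. `generate` continues before and after the hunk.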
diff --git a/tools/editor/plugins/script_editor_plugin.cpp b/tools/editor/plugins/script_editor_plugin.cpp
index 2fb5dd619e..76c64beb61 100644
--- a/tools/editor/plugins/script_editor_plugin.cpp
+++ b/tools/editor/plugins/script_editor_plugin.cpp
@@ -1784,7 +1784,8 @@ void ScriptEditor::_update_script_colors() {
 if (h>hist_size) {
 continue;
 }
- float v = Math::ease((edit_pass-pass)/float(hist_size),0.4);
+ int non_zero_hist_size = ( hist_size == 0 ) ? 1 : hist_size;
+ float v = Math::ease((edit_pass-pass)/float(non_zero_hist_size),0.4);
 script_list->set_item_custom_bg_color(i,hot_color.linear_interpolate(cold_color,v));
@@ -2704,4 +2705,3 @@ ScriptEditorPlugin::ScriptEditorPlugin(EditorNode *p_node) {
 ScriptEditorPlugin::~ScriptEditorPlugin() {
 }
-
diff --git a/tools/editor/plugins/spatial_editor_plugin.cpp b/tools/editor/plugins/spatial_editor_plugin.cpp
index e787c74702..79ff78ca0d 100644
--- a/tools/editor/plugins/spatial_editor_plugin.cpp
+++ b/tools/editor/plugins/spatial_editor_plugin.cpp
@@ -2084,7 +2084,9 @@ void SpatialEditorViewport::_menu_option(int p_option) {
 count++;
 }
- center/=float(count);
+ if( count != 0 ) {
+ center/=float(count);
+ }
 cursor.pos=center;
 } break;
@@ -4240,6 +4242,3 @@ SpatialEditorPlugin::SpatialEditorPlugin(EditorNode *p_node) {
 SpatialEditorPlugin::~SpatialEditorPlugin() {
 }
-
-
-
-- 
cgit v1.2.3
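Review bot: `non_zero_hist_size` depends only on `hist_size`, so if that value does not change inside the loop that `set_item_custom_bg_color(i, …)` belongs to (the loop header is outside the hunk) the ternary can be hoisted above the loop and made `const`: `const int non_zero_hist_size = hist_size == 0 ? 1 : hist_size;`. Since the visible `if (h>hist_size) continue;` already filters entries, with `hist_size == 0` only `h == 0` entries reach `Math::ease`, which deserves a short comment so the substituted `1` is not mistaken for an arbitrary constant. `_update_script_colors` continues outside the hunk.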
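Review bot: When `count` is zero the new guard skips the division but `cursor.pos=center;` still runs, so the cursor is moved to whatever the accumulator `center` holds (presumably a zero vector — its initialisation is outside the hunk) instead of staying where it was. If counting nothing means there is nothing to focus on, leaving the cursor untouched is the safer outcome and keeps the original expression: `if (count == 0) break;` / `center /= float(count);` / `cursor.pos = center;` within the `} break;` case block. The enclosing case of `_menu_option` starts outside the hunk.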