Subject: Re: sdl_gfx security error?
From: Andreas Schiffler <aschiffler@ferzkopp.net>
Date: Fri, 19 Sep 2008 20:18:38 -0700
To: Paul Pedriana <ppedriana@gmail.com>

You are correct of course.

What it was supposed to do is to reset all variables to zero, as in:
   Uint32 R, G, B, A;
   R=G=B=A=0;
Thanks for finding this!

--AS

PS: Overlooking such things is what happens when one codes in C++, Perl, Python, Javascript, PHP, SQL, Lua and C# all at the same time. Never mind trying to learn Haskell ... :-)


Paul Pedriana wrote:
> I am referring to sdl_gfx 2.0.17, which I believe is recent. It has the following code:
>
>    int _putPixelAlpha(SDL_Surface * surface, Sint16 x, Sint16 y, Uint32 color, Uint8 alpha)
>    {
>        Uint32 Rmask = surface->format->Rmask, Gmask = surface->format->Gmask,
>               Bmask = surface->format->Bmask, Amask = surface->format->Amask;
>        Uint32 R, G, B, A = 0;
>        . . .
>    }
>
> This results in A being 0 and R, G, B being uninitialized. The following program:
>
>    #include <stdio.h>
>
>    int main(int, char**)
>    {
>        unsigned R, G, B, A = 0;
>        printf("%u %u %u %u", R, G, B, A);
>        return 0;
>    }
>
> prints output like so:
>
>        3435973836 3435973836 3435973836 0
>
> Am I possibly missing something?
>
> Paul
>
>> Paul Pedriana wrote:
>>> I'm looking at the source code to _putPixelAlpha and see what looks like a security error. In particular, it declares three uninitialized variables R, G, B and in the case of A == 0 and MODIFIED_ALPHA_PIXEL_ROUTINE writes them to the destination. Thus destination images with A=0 will reveal user stack data in invisible image bytes.
>>>
>>> Paul
>>>
>> Hi Paul,
>>
>> I don't follow ... R,G,B,A are all initialized to zero at the beginning of the routine.
>>
>> Cheers,
>> Andreas
>>
>
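
An output-side check for the leak described in this thread, as an added example that is not part of the original messages or of sdl_gfx: it counts fully transparent pixels that still carry colour bytes and clears them before an image leaves the process. The RGBA8888 mask layout, the function names and the sample pixels are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Channel masks of a 32-bit pixel format (same roles as Rmask..Amask). */
typedef struct { uint32_t r, g, b, a; } masks_t;

/* True when a pixel is fully transparent but its colour bits are not zero,
   i.e. it carries bytes that no viewer will ever display. */
static int hides_data(uint32_t px, const masks_t *m)
{
    return (px & m->a) == 0 && (px & (m->r | m->g | m->b)) != 0;
}

/* Audit: number of pixels with non-zero colour behind A == 0. */
size_t count_hidden(const uint32_t *px, size_t n, const masks_t *m)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += hides_data(px[i], m) ? 1 : 0;
    return hits;
}

/* Mitigation before export: clear the colour bits of those pixels.
   Returns how many pixels were changed. */
size_t scrub_hidden(uint32_t *px, size_t n, const masks_t *m)
{
    size_t fixed = 0;
    for (size_t i = 0; i < n; i++) {
        if (hides_data(px[i], m)) {
            px[i] &= ~(m->r | m->g | m->b);
            fixed++;
        }
    }
    return fixed;
}

int main(void)
{
    /* Constructed sample, RGBA8888 layout assumed. 0xCCCCCC00 models the
       0xCC fill seen in the thread (3435973836 == 0xCCCCCCCC) behind A == 0. */
    const masks_t m = { 0xFF000000u, 0x00FF0000u, 0x0000FF00u, 0x000000FFu };
    uint32_t surf[4] = { 0xFF0000FFu, 0x00000000u, 0xCCCCCC00u, 0x11223380u };

    printf("suspicious before scrub: %zu\n", count_hidden(surf, 4, &m));
    printf("pixels scrubbed:         %zu\n", scrub_hidden(surf, 4, &m));
    printf("suspicious after scrub:  %zu\n", count_hidden(surf, 4, &m));
    return 0;
}
```

Non-zero colour behind A == 0 is not proof of a leak, since some tools deliberately keep colour values in transparent pixels; treat hits as a prompt to review the code path that wrote them.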

	
