diff options
Diffstat (limited to 'gdx/jni/com.badlogic.gdx.graphics.glutils.ETC1.cpp')
-rw-r--r-- | gdx/jni/com.badlogic.gdx.graphics.glutils.ETC1.cpp | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/gdx/jni/com.badlogic.gdx.graphics.glutils.ETC1.cpp b/gdx/jni/com.badlogic.gdx.graphics.glutils.ETC1.cpp index 94dc321f9..0c6eabdca 100644 --- a/gdx/jni/com.badlogic.gdx.graphics.glutils.ETC1.cpp +++ b/gdx/jni/com.badlogic.gdx.graphics.glutils.ETC1.cpp @@ -1,4 +1,7 @@ #include <com.badlogic.gdx.graphics.glutils.ETC1.h> +#include <android/log.h> + +#define APP_LOG "GDX" //@line:196 @@ -86,9 +89,29 @@ JNIEXPORT void JNICALL Java_com_badlogic_gdx_graphics_glutils_ETC1_decodeImage(J //@line:249 - etc1_decode_image((etc1_byte*)compressedData + offset, (etc1_byte*)decodedData + offsetDec, width, height, pixelSize, width * pixelSize);
- - + // Nothing to decode, or no target + if (compressedData == 0 || decodedData == 0) { + __android_log_print(ANDROID_LOG_VERBOSE, APP_LOG, "Invalid buffers, null pointer."); + return; + } + + /// Verify if requested bounds are valid + jlong compressedLength = env->GetDirectBufferCapacity(obj_compressedData); + jlong decodedLength = env->GetDirectBufferCapacity(obj_decodedData); + if (offset < 0 || compressedLength - offset > decodedLength - offsetDec) { + __android_log_print(ANDROID_LOG_VERBOSE, + APP_LOG, "Invalid buffers, would cause heap overflow. %lu > %lu", + compressedLength - offset, + decodedLength - offsetDec); + return; + } + + etc1_decode_image((etc1_byte*)compressedData + offset, + (etc1_byte*)decodedData + offsetDec, + width, + height, + pixelSize, + width * pixelSize); } static inline jobject wrapped_Java_com_badlogic_gdx_graphics_glutils_ETC1_encodeImage |