From 6472928cf1443fdac73abee356709b7e529f62b4 Mon Sep 17 00:00:00 2001 From: Ray Date: Tue, 25 Apr 2023 14:16:48 +0200 Subject: [PATCH] REVIEWED: `ImageDrawRectangleRec()` #3027 --- src/rtextures.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/rtextures.c b/src/rtextures.c index 102e244b..3c535d9d 100644 --- a/src/rtextures.c +++ b/src/rtextures.c @@ -2692,9 +2692,9 @@ void ImageClearBackground(Image *dst, Color color) int bytesPerPixel = GetPixelDataSize(1, 1, dst->format); // Repeat the first pixel data throughout the image - for (int i = 1; i < dst->width * dst->height; i++) + for (int i = 1; i < dst->width*dst->height; i++) { - memcpy(pSrcPixel + i * bytesPerPixel, pSrcPixel, bytesPerPixel); + memcpy(pSrcPixel + i*bytesPerPixel, pSrcPixel, bytesPerPixel); } } @@ -2996,6 +2996,12 @@ void ImageDrawRectangleRec(Image *dst, Rectangle rec, Color color) // Security check to avoid program crash if ((dst->data == NULL) || (dst->width == 0) || (dst->height == 0)) return; + // Security check to avoid drawing out of bounds in case of bad user data + if (rec.x < 0) { rec.width -= rec.x; rec.x = 0; } + if (rec.y < 0) { rec.height -= rec.y; rec.y = 0; } + if (rec.width < 0) rec.width = 0; + if (rec.heigh < 0) rec.height = 0; + int sy = (int)rec.y; int ey = sy + (int)rec.height; @@ -3008,13 +3014,13 @@ void ImageDrawRectangleRec(Image *dst, Rectangle rec, Color color) // Fill in the first pixel of the row based on image format ImageDrawPixel(dst, sx, y, color); - int bytesOffset = ((y * dst->width) + sx) * bytesPerPixel; + int bytesOffset = ((y*dst->width) + sx)*bytesPerPixel; unsigned char *pSrcPixel = (unsigned char *)dst->data + bytesOffset; // Repeat the first pixel data throughout the row for (int x = 1; x < (int)rec.width; x++) { - memcpy(pSrcPixel + x * bytesPerPixel, pSrcPixel, bytesPerPixel); + memcpy(pSrcPixel + x*bytesPerPixel, pSrcPixel, bytesPerPixel); } } }