From fda42f318a2f6508ed87e51a02bd588db2ddb464 Mon Sep 17 00:00:00 2001 From: Mathias Agopian Date: Mon, 1 Feb 2010 13:45:08 -0800 Subject: fix [2397853] glCopyTexImage2D crashes emulator Fixed a typo which would cause a buffer overflow --- opengl/libagl/texture.cpp | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'opengl/libagl/texture.cpp') diff --git a/opengl/libagl/texture.cpp b/opengl/libagl/texture.cpp index 2875c13721..fae89b9b4a 100644 --- a/opengl/libagl/texture.cpp +++ b/opengl/libagl/texture.cpp @@ -1389,9 +1389,20 @@ void glCopyTexImage2D( // (x,y) is the lower-left corner of colorBuffer y = cbSurface.height - (y + height); + /* The GLES spec says: + * If any of the pixels within the specified rectangle are outside + * the framebuffer associated with the current rendering context, + * then the values obtained for those pixels are undefined. + */ + if (x+width > GLint(cbSurface.width)) + width = cbSurface.width - x; + + if (y+height > GLint(cbSurface.height)) + height = cbSurface.height - y; + int err = copyPixels(c, txSurface, 0, 0, - cbSurface, x, y, cbSurface.width, cbSurface.height); + cbSurface, x, y, width, height); if (err) { ogles_error(c, err); } @@ -1439,6 +1450,17 @@ void glCopyTexSubImage2D( const GGLSurface& cbSurface = c->rasterizer.state.buffers.color.s; y = cbSurface.height - (y + height); + /* The GLES spec says: + * If any of the pixels within the specified rectangle are outside + * the framebuffer associated with the current rendering context, + * then the values obtained for those pixels are undefined. + */ + if (x+width > GLint(cbSurface.width)) + width = cbSurface.width - x; + + if (y+height > GLint(cbSurface.height)) + height = cbSurface.height - y; + int err = copyPixels(c, surface, xoffset, yoffset, cbSurface, x, y, width, height); -- cgit v1.2.3-59-g8ed1b