From 6e619747ccdd2c07666ebf9f16254d8ccd2b5373 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Sat, 21 Nov 2015 16:12:41 +0100
Subject: [PATCH] Add bounds checking to map->isFoo() functions.

The Address Sanitizer found a possible out of bounds read while playing Blobwars:
src/CMap.cpp:147:15: runtime error: index 300 out of bounds for type 'unsigned char [300]'
src/CMap.cpp:117:16: runtime error: index 300 out of bounds for type 'unsigned char [300]'
---
 src/CMap.cpp | 23 +++++++++++++++++++++++
 src/CMap.h | 1 +
 2 files changed, 24 insertions(+)
diff --git a/src/CMap.cpp b/src/CMap.cpp
index 5fc21e9..aff505b 100644
--- a/src/CMap.cpp
+++ b/src/CMap.cpp
@@ -112,8 +112,19 @@ bool Map::isPracticeMission()
 return false;
 }
+bool Map::isValid(int x, int y)
+{
+ if (x >= 0 && y >= 0 && x < MAPWIDTH && y < MAPHEIGHT)
+ return true;
+
+ return false;
+}
+
 bool Map::isSolid(int x, int y)
 {
+ if (!isValid(x, y))
+ return false;
+
 if ((data[x][y] >= MAP_BREAKABLE) && (data[x][y] < MAP_DECORATION))
 {
 return true;
@@ -124,6 +135,9 @@ bool Map::isSolid(int x, int y)
 bool Map::isBreakable(int x, int y)
 {
+ if (!isValid(x, y))
+ return false;
+
 if ((data[x][y] >= MAP_BREAKABLE) && (data[x][y] <= MAP_BREAKABLE2))
 {
 return true;
@@ -134,6 +148,9 @@ bool Map::isBreakable(int x, int y)
 bool Map::isNoReset(int x, int y)
 {
+ if (!isValid(x, y))
+ return false;
+
 if ((data[x][y] >= MAP_NORESET) && (data[x][y] < MAP_DECORATION))
 {
 return true;
@@ -144,6 +161,9 @@ bool Map::isNoReset(int x, int y)
 bool Map::isLiquid(int x, int y)
 {
+ if (!isValid(x, y))
+ return false;
+
 if (data[x][y] == 0)
 {
 return false;
@@ -162,6 +182,9 @@ bool Map::isLiquid(int x, int y)
 bool Map::isTopLayer(int x, int y)
 {
+ if (!isValid(x, y))
+ return false;
+
 if (data[x][y] >= MAP_TOPLAYER)
 {
 return true;
diff --git a/src/CMap.h b/src/CMap.h
index 3a60d00..dd9632c 100644
--- a/src/CMap.h
+++ b/src/CMap.h
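Review bot: The new guard in isSolid() returns false for coordinates outside the map, so an off-map tile is reported as empty space rather than as a wall; isBreakable(), isNoReset(), isLiquid() and isTopLayer() in the later hunks use the same default. That removes the out-of-bounds read ASan reported, but whether "not solid" is the safe answer depends on callers outside this diff: if movement code relies on isSolid() to keep entities on the map, consider `if (!isValid(x, y)) return true;` for isSolid() only, or add a comment saying off-map is deliberately non-solid. isValid() also assumes `data` is declared as `data[MAPWIDTH][MAPHEIGHT]`, which is not visible here and is worth confirming, since swapped dimensions would still let the reported index 300 through. As a style point, the body of isValid() can be the single line `return x >= 0 && y >= 0 && x < MAPWIDTH && y < MAPHEIGHT;`.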
@@ -91,6 +91,7 @@ class Map {
 void destroy();
 bool isPracticeMission();
+ bool isValid(int x, int y);
 bool isSolid(int x, int y);
 bool isBreakable(int x, int y);
 bool isNoReset(int x, int y);
-- 
2.39.5
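Review bot: isValid() is declared next to the tile predicates with no comment saying what it validates, and the name alone reads as "is this tile valid" rather than "are these coordinates inside the map". A one-line comment above the declaration, `// true when (x, y) is a usable index into data[][]`, would make the contract clear to callers that index `data` directly. Since it does not modify the map it could also be declared `const`, provided the definition in src/CMap.cpp is changed to match. The class body extends outside this hunk.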