Author: Dan Dennedy <dan@dennedy.org>
Last-Update: 2014-04-27
Forwarded: yes
Origin: upstream, http://git.dyne.org/frei0r/commit/?id=fc84121
Description: Fix array out-of-bounds error in partik0l.
When using rand(), it may make sense to use RAND_MAX. But in a build
made on MinGW RAND_MAX is equivalent to a SHRT_MAX, which results in
crashes in blossom_recal() due to accessing the prime array outside of
its bounds. INT_MAX was chosen because on Linux, RAND_MAX is equivalent
to INT_MAX, and UINT_MAX gives different results visually.
---
src/generator/partik0l/partik0l.cpp | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/generator/partik0l/partik0l.cpp b/src/generator/partik0l/partik0l.cpp
index 6dd5a8a..87728c7 100644
--- a/src/generator/partik0l/partik0l.cpp
+++ b/src/generator/partik0l/partik0l.cpp
@@ -38,6 +38,7 @@
#include <time.h>
#include <inttypes.h>
+#include <limits.h>
/* defines for blob size and roundness */
#define LIM 8 // 25
@@ -185,13 +186,13 @@ void Partik0l::update() {
void Partik0l::blossom_recal(bool r) {
- float z = ((PRIMES-2)*fastrand()/RAND_MAX)+1;
- blossom_m = 1.0+(30.0)*fastrand()/RAND_MAX;
- blossom_n = 1.0+(30.0)*fastrand()/RAND_MAX;
- blossom_i = prime[ (int) (z*fastrand()/RAND_MAX) ];
- blossom_j = prime[ (int) (z*fastrand()/RAND_MAX) ];
- blossom_k = prime[ (int) (z*fastrand()/RAND_MAX) ];
- blossom_l = prime[ (int) (z*fastrand()/RAND_MAX) ];
+ float z = ((PRIMES-2)*fastrand()/INT_MAX)+1;
+ blossom_m = 1.0+(30.0)*fastrand()/INT_MAX;
+ blossom_n = 1.0+(30.0)*fastrand()/INT_MAX;
+ blossom_i = prime[ (int) (z*fastrand()/INT_MAX) ];
+ blossom_j = prime[ (int) (z*fastrand()/INT_MAX) ];
+ blossom_k = prime[ (int) (z*fastrand()/INT_MAX) ];
+ blossom_l = prime[ (int) (z*fastrand()/INT_MAX) ];
wd = (double)w;
hd = (double)h;
if(r)
--
2.0.0.rc2