[wesnoth-commits] [wesnoth/wesnoth] d01dce: sdl: Prevent undefined behaviour in clip_rect_setter

[Charles Dang]

  Branch: refs/heads/master
  Home:   https://github.com/wesnoth/wesnoth
  Commit: d01dcef8df95e8bce9668ddce72bf979752a3bcc
      https://github.com/wesnoth/wesnoth/commit/d01dcef8df95e8bce9668ddce72bf979752a3bcc
  Author: Iris Morelle <shadowm at wesnoth.org>
  Date:   2020-01-13 (Mon, 13 Jan 2020)

  Changed paths:
    M src/sdl/surface.hpp

  Log Message:
  -----------
  sdl: Prevent undefined behaviour in clip_rect_setter

Unlike what the ctor's documentation says, passing a null SDL_Rect* does
have unexpected consequences. First, one of the first two arguments to
SDL_IntersectRect will be a null pointer, which results in
SDL_IntersectRect returning SDL_FALSE without ever touching the output
SDL_Rect. In this context that means that SDL_SetClipRect will receive a
pointer to a structure full of uninitialized values and all kinds of
weirdness could ensue next depending on the phase of the moon.

Additionally, while the SDL functions called here will do nothing on a
null pointer to a surface, the check introduced here requires
dereferencing the surface's members, so we need to explicitly do nothing
if the surface is null.

Both cases don't seem to ever happen in practice, judging from a cursory
glance at how clip_rect_setter is currently used in the codebase, but
that doesn't mean they will never turn up in the future.


  Commit: f04ad5a3508fd51ed51f4ea0bc8790601d5c9c43
      https://github.com/wesnoth/wesnoth/commit/f04ad5a3508fd51ed51f4ea0bc8790601d5c9c43
  Author: Charles Dang <exodia339 at gmail.com>
  Date:   2020-01-13 (Mon, 13 Jan 2020)

  Changed paths:
    M src/sdl/surface.hpp

  Log Message:
  -----------
  Merge pull request #4703 from shikadiqueen/bug/cliprect-ub-fix

sdl: Prevent undefined behaviour in clip_rect_setter


Compare: https://github.com/wesnoth/wesnoth/compare/ada19250f72f...f04ad5a3508f