[hatari-devel] video.c happily overwriting Hatari memory and crashing (when user uses border pixel values < 16)

Eero Tamminen eerot at users.berlios.de
Thu Mar 18 21:09:13 CET 2010


Hi,

On Thursday 18 March 2010, npomarede at corp.free.fr wrote:
> Well, the code is clearly "designed" that way, having border a multiple
> of sthg else than 16 would not have a real meaning, because we must have
> a number of bytes that matches 4 planes in lowres.

Internally the value *is* divisible by 16.  The problem is that the value
video.c uses can be zero (values 0-15 => 0) and then the current video.c
code overwrites memory it shouldn't.

I checked the version control history and this video.c bug is there already
in Hatari 1.0, it's just much easier to trigger with my patch because by
default these configuration values are set to a larger value and with my
patch it's more likely that they can go to zero.

You can trigger the bug in older Hatari just by setting these to zero:
nWindowBorderPixelsLeft = 48
nWindowBorderPixelsRight = 48
nFullScreenBorderPixelsLeft = 32
nFullScreenBorderPixelsRight = 32


> What should we do with 15 ? Add a "black" bytes to go to the closest 16
> bytes multiple ? This would be quite tricky to handle and would create a
> lot of cases in video.c (and this part is already quite complicated).

It could handle the case when there are no (left/right) borders.

I reviewed all the code using borders and I think the attached patch should
fix it.


	- Eero
-------------- next part --------------
A non-text attachment was scrubbed...
Name: video-fix.diff
Type: text/x-diff
Size: 937 bytes
Desc: not available
URL: <https://lists.berlios.de/pipermail/hatari-devel/attachments/20100318/3e91b58e/attachment.diff>
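
The zero-border case discussed in the message above, as an added example (not Hatari's video.c and not the attached patch): a line composer that rounds the configured border down to a 16-pixel multiple, treats a resulting width of 0 as "no border", and checks the destination size before any write. The names border_bytes and compose_line, the fill value 0 and the buffer sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIXELS_PER_UNIT 16 /* borders are used in 16-pixel steps */
#define BYTES_PER_UNIT 8   /* 16 lowres pixels x 4 planes = 8 bytes */

/* Round a configured border width down to a 16-pixel multiple
 * (0-15 => 0) and return it in bytes. Negative means no border. */
static size_t border_bytes(int configured_pixels)
{
    if (configured_pixels < 0)
        return 0;
    return (size_t)(configured_pixels / PIXELS_PER_UNIT) * BYTES_PER_UNIT;
}

/* Compose one line: left border, visible data, right border.
 * Returns bytes written, or 0 if the line does not fit in dst.
 * A zero-width border is a normal case: nothing is written for it. */
static size_t compose_line(uint8_t *dst, size_t dst_size,
                           const uint8_t *visible, size_t visible_bytes,
                           int left_pixels, int right_pixels)
{
    size_t left = border_bytes(left_pixels);
    size_t right = border_bytes(right_pixels);

    /* Overflow-safe fit check, done before any write. */
    if (left > dst_size || visible_bytes > dst_size - left ||
        right > dst_size - left - visible_bytes)
        return 0;
    if (left > 0)
        memset(dst, 0, left);            /* assumed border fill value */
    memcpy(dst + left, visible, visible_bytes);
    if (right > 0)
        memset(dst + left + visible_bytes, 0, right);
    return left + visible_bytes + right;
}

int main(void)
{
    uint8_t line[200], visible[160];     /* constructed sample sizes */
    memset(visible, 0xAA, sizeof visible);
    printf("48/15 -> %zu bytes\n",
           compose_line(line, sizeof line, visible, sizeof visible, 48, 15));
    printf("0/0   -> %zu bytes\n",
           compose_line(line, sizeof line, visible, sizeof visible, 0, 0));
    printf("48/48 -> %zu bytes (rejected)\n",
           compose_line(line, sizeof line, visible, sizeof visible, 48, 48));
    return 0;
}
```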

