ImDrawList: fixed AddCircle, AddCircleFilled buffer read overflow with (rad > 0.0f && rad < 1.0f && num_segments == 0). (#3738)

Amend 051ce076. Maximum cached count becomes 63 instead of 64.
This commit is contained in:
ocornut 2021-01-25 14:58:52 +01:00
parent 58075c4414
commit f144c67676
5 changed files with 19 additions and 6 deletions

View File

@ -31,10 +31,22 @@ HOW TO UPDATE?
- Please report any issue! - Please report any issue!
-----------------------------------------------------------------------
VERSION 1.8X (In Progress)
-----------------------------------------------------------------------
Other Changes:
- ImDrawList: fixed AddCircle()/AddCircleFilled() with (rad > 0.0f && rad < 1.0f && num_segments == 0). (#3738)
Would lead to a buffer read overflow.
----------------------------------------------------------------------- -----------------------------------------------------------------------
VERSION 1.80 (Released 2021-01-21) VERSION 1.80 (Released 2021-01-21)
----------------------------------------------------------------------- -----------------------------------------------------------------------
Decorated log: https://github.com/ocornut/imgui/releases/tag/v1.80
Breaking Changes: Breaking Changes:
- Added imgui_tables.cpp file! Manually constructed project files will need the new file added! (#3740) - Added imgui_tables.cpp file! Manually constructed project files will need the new file added! (#3740)

View File

@ -1130,7 +1130,7 @@ void ImGuiIO::ClearInputCharacters()
ImVec2 ImBezierCubicClosestPoint(const ImVec2& p1, const ImVec2& p2, const ImVec2& p3, const ImVec2& p4, const ImVec2& p, int num_segments) ImVec2 ImBezierCubicClosestPoint(const ImVec2& p1, const ImVec2& p2, const ImVec2& p3, const ImVec2& p4, const ImVec2& p, int num_segments)
{ {
IM_ASSERT(num_segments > 0); // Use ImBezierClosestPointCasteljau() IM_ASSERT(num_segments > 0); // Use ImBezierCubicClosestPointCasteljau()
ImVec2 p_last = p1; ImVec2 p_last = p1;
ImVec2 p_closest; ImVec2 p_closest;
float p_closest_dist2 = FLT_MAX; float p_closest_dist2 = FLT_MAX;

View File

@ -59,7 +59,7 @@ Index of this file:
// Version // Version
// (Integer encoded as XYYZZ for use in #if preprocessor conditionals. Work in progress versions typically starts at XYY99 then bounce up to XYY00, XYY01 etc. when release tagging happens) // (Integer encoded as XYYZZ for use in #if preprocessor conditionals. Work in progress versions typically starts at XYY99 then bounce up to XYY00, XYY01 etc. when release tagging happens)
#define IMGUI_VERSION "1.80" #define IMGUI_VERSION "1.80"
#define IMGUI_VERSION_NUM 18000 #define IMGUI_VERSION_NUM 18001
#define IMGUI_CHECKVERSION() ImGui::DebugCheckVersionAndDataLayout(IMGUI_VERSION, sizeof(ImGuiIO), sizeof(ImGuiStyle), sizeof(ImVec2), sizeof(ImVec4), sizeof(ImDrawVert), sizeof(ImDrawIdx)) #define IMGUI_CHECKVERSION() ImGui::DebugCheckVersionAndDataLayout(IMGUI_VERSION, sizeof(ImGuiIO), sizeof(ImGuiStyle), sizeof(ImVec2), sizeof(ImVec4), sizeof(ImDrawVert), sizeof(ImDrawIdx))
#define IMGUI_HAS_TABLE #define IMGUI_HAS_TABLE

View File

@ -377,7 +377,7 @@ void ImDrawListSharedData::SetCircleSegmentMaxError(float max_error)
CircleSegmentMaxError = max_error; CircleSegmentMaxError = max_error;
for (int i = 0; i < IM_ARRAYSIZE(CircleSegmentCounts); i++) for (int i = 0; i < IM_ARRAYSIZE(CircleSegmentCounts); i++)
{ {
const float radius = i + 1.0f; const float radius = (float)i;
const int segment_count = IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_CALC(radius, CircleSegmentMaxError); const int segment_count = IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_CALC(radius, CircleSegmentMaxError);
CircleSegmentCounts[i] = (ImU8)ImMin(segment_count, 255); CircleSegmentCounts[i] = (ImU8)ImMin(segment_count, 255);
} }
@ -1278,7 +1278,7 @@ void ImDrawList::AddCircle(const ImVec2& center, float radius, ImU32 col, int nu
if (num_segments <= 0) if (num_segments <= 0)
{ {
// Automatic segment count // Automatic segment count
const int radius_idx = (int)radius - 1; const int radius_idx = (int)radius;
if (radius_idx < IM_ARRAYSIZE(_Data->CircleSegmentCounts)) if (radius_idx < IM_ARRAYSIZE(_Data->CircleSegmentCounts))
num_segments = _Data->CircleSegmentCounts[radius_idx]; // Use cached value num_segments = _Data->CircleSegmentCounts[radius_idx]; // Use cached value
else else
@ -1308,7 +1308,7 @@ void ImDrawList::AddCircleFilled(const ImVec2& center, float radius, ImU32 col,
if (num_segments <= 0) if (num_segments <= 0)
{ {
// Automatic segment count // Automatic segment count
const int radius_idx = (int)radius - 1; const int radius_idx = (int)radius;
if (radius_idx < IM_ARRAYSIZE(_Data->CircleSegmentCounts)) if (radius_idx < IM_ARRAYSIZE(_Data->CircleSegmentCounts))
num_segments = _Data->CircleSegmentCounts[radius_idx]; // Use cached value num_segments = _Data->CircleSegmentCounts[radius_idx]; // Use cached value
else else

View File

@ -610,6 +610,7 @@ struct IMGUI_API ImChunkStream
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// ImDrawList: Helper function to calculate a circle's segment count given its radius and a "maximum error" value. // ImDrawList: Helper function to calculate a circle's segment count given its radius and a "maximum error" value.
// FIXME: the minimum number of auto-segment may be undesirably high for very small radiuses (e.g. 1.0f)
#define IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MIN 12 #define IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MIN 12
#define IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MAX 512 #define IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MAX 512
#define IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_CALC(_RAD,_MAXERROR) ImClamp((int)((IM_PI * 2.0f) / ImAcos(((_RAD) - (_MAXERROR)) / (_RAD))), IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MIN, IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MAX) #define IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_CALC(_RAD,_MAXERROR) ImClamp((int)((IM_PI * 2.0f) / ImAcos(((_RAD) - (_MAXERROR)) / (_RAD))), IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MIN, IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_MAX)
@ -633,7 +634,7 @@ struct IMGUI_API ImDrawListSharedData
// [Internal] Lookup tables // [Internal] Lookup tables
ImVec2 ArcFastVtx[12 * IM_DRAWLIST_ARCFAST_TESSELLATION_MULTIPLIER]; // FIXME: Bake rounded corners fill/borders in atlas ImVec2 ArcFastVtx[12 * IM_DRAWLIST_ARCFAST_TESSELLATION_MULTIPLIER]; // FIXME: Bake rounded corners fill/borders in atlas
ImU8 CircleSegmentCounts[64]; // Precomputed segment count for given radius (array index + 1) before we calculate it dynamically (to avoid calculation overhead) ImU8 CircleSegmentCounts[64]; // Precomputed segment count for given radius before we calculate it dynamically (to avoid calculation overhead)
const ImVec4* TexUvLines; // UV of anti-aliased lines in the atlas const ImVec4* TexUvLines; // UV of anti-aliased lines in the atlas
ImDrawListSharedData(); ImDrawListSharedData();