search

ryzom / ryzomcore

Ryzom Core is the open-source project related to the Ryzom game. This community repository is synchronized with the Ryzom Forge repository, based on the Core branch.
https://wiki.ryzom.dev
GNU Affero General Public License v3.0
333 stars 90 forks source link

Non-power-of-2 DDS crash #324

Closed ryzom-pipeline closed 6 years ago

ryzom-pipeline commented 6 years ago

Original report by Meelis Mägi (Bitbucket: [Meelis Mägi](https://bitbucket.org/Meelis Mägi), ).

When loading dds texture which is not power-of-2 it will overflow dest buffer.

For example CBitmap::decompressDXT1 I'm pretty sure pixelsCount will point outside allocated buffer space when j and k from for-loop is taken into account. Same code for DXT1/DXT3/DXT5

ryzom-pipeline commented 6 years ago

Original comment by Cédric Ochs (Bitbucket: [Cédric OCHS](https://bitbucket.org/Cédric OCHS), ).

I was almost sure, S3TC required a power-of-2 size but I just found "For non-power-of-two images that aren't a multiple of 4 in size, the other colors of the 4x4 block are taken to be black. Each 4x4 block is independent of any other, so it can be decompressed independently.".

Btw in what case did this crash occur since all Ryzom DDS textures are usually a power of 2 ? (perhaps graphists didn't use a power of 2 size ?)

ryzom-pipeline commented 6 years ago

Original comment by Meelis Mägi (Bitbucket: [Meelis Mägi](https://bitbucket.org/Meelis Mägi), ).

New(ish) texture ld_picture_halloween_frame.dds (256x50) used in ld_picture_halloween_valcorenoch.shape.

The other is corrupted_moor_map.dds (1536x1243) which is not used, but also crashes if trying to convert to png using CBitmap

ryzom-pipeline commented 6 years ago

Original comment by Cédric Ochs (Bitbucket: [Cédric OCHS](https://bitbucket.org/Cédric OCHS), ).

Argh, isn't tga2dds refusing to convert a not power of 2 texture ?

I already fixed some new textures that had wrong size or asked to artists to fix them.

ryzom-pipeline commented 6 years ago

Original comment by Meelis Mägi (Bitbucket: [Meelis Mägi](https://bitbucket.org/Meelis Mägi), ).

tga2dds does not check power-of-2

ryzom-pipeline commented 6 years ago

Original comment by Cédric Ochs (Bitbucket: [Cédric OCHS](https://bitbucket.org/Cédric OCHS), ).

Thanks, that's good to know :)

ryzom-pipeline commented 6 years ago

Original comment by Meelis Mägi (Bitbucket: [Meelis Mägi](https://bitbucket.org/Meelis Mägi), ).

no changes on encoding, but decoding invalid sizes should not crash anymore