From ecd733cd31e58bca16ba83e779d18eb043f38a9b Mon Sep 17 00:00:00 2001 From: UnknownShadow200 Date: Wed, 8 Dec 2021 12:22:26 +1100 Subject: [PATCH] What's operator precedence anyways? Fixes game crashing due to heap corruption due to reading dst_height from wrong address (which would set dst_height to e.g. 7387141), which would then cause img_height to be set to 150, which would hence write to memory used by other data (as destination bitmap was actually only 64 pixels tall) --- src/interop_web.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/interop_web.js b/src/interop_web.js index fc7bc19e1..9b3bdcfd5 100644 --- a/src/interop_web.js +++ b/src/interop_web.js @@ -847,14 +847,15 @@ mergeInto(LibraryManager.library, { var text = UTF8ArrayToString(HEAPU8, textStr, textLen); var ctx = _interop_TextInit(font, fontSize); - ctx.fillStyle = "#ffffff"; + ctx.fillStyle = "#ffffff"; ctx.fillRect(0, 0, ctx.canvas.width, ctx.canvas.height); - ctx.fillStyle = "#000000"; + ctx.fillStyle = "#000000"; ctx.fillText(text, 0, 0); - var dst_pixels = HEAP32[(bmp|0 + 0)>>2]; - var dst_width = HEAP32[(bmp|0 + 4)>>2]; - var dst_height = HEAP32[(bmp|0 + 8)>>2]; + bmp = bmp|0; + var dst_pixels = HEAP32[(bmp + 0|0)>>2]; + var dst_width = HEAP32[(bmp + 4|0)>>2]; + var dst_height = HEAP32[(bmp + 8|0)>>2]; // TODO not all of it var src = ctx.getImageData(0, 0, ctx.canvas.width, ctx.canvas.height);