Fix heap overflow when reading

PF_RGB is 3 bytes. But later on Ogre2SelectionBuffer::OnSelectionClick will try to read 4 bytes from it. Fixed by ensuring it's always at least 4 bytes and zero-initializing those 4 bytes. Signed-off-by: Matias N. Goldberg <[email protected]>
gazebosim · Jun 14, 2021 · 598aca1 · 598aca1
1 parent f9f1820
commit 598aca1
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/ogre2/src/Ogre2SelectionBuffer.cc b/ogre2/src/Ogre2SelectionBuffer.cc
@@ -192,9 +192,12 @@ void Ogre2SelectionBuffer::CreateRTTBuffer()
   const_cast<Ogre::CompositorPassSceneDef *>(scenePass)->mVisibilityMask =
       IGN_VISIBILITY_SELECTABLE;
 
-  // buffer to store render texture data
-  size_t bufferSize = Ogre::PixelUtil::getMemorySize(width, height, 1, format);
+  // buffer to store render texture data. Ensure it's at least 4 bytes
+  size_t bufferSize = std::min<size_t>(
+		  Ogre::PixelUtil::getMemorySize(width, height, 1, format),
+		  4u);
   this->dataPtr->buffer = new uint8_t[bufferSize];
+  memset(this->dataPtr->buffer, 0, 4u);
   this->dataPtr->pixelBox = new Ogre::PixelBox(width,
       height, 1, format, this->dataPtr->buffer);
 }