From 67f4097e74bd5d161f5963621f87b2cba60ce572 Mon Sep 17 00:00:00 2001 From: Kelsi Date: Tue, 5 May 2026 22:49:21 -0700 Subject: [PATCH] fix: resolve all GitHub CodeQL security/quality alerts Fix 9 integer-multiplication-cast-to-long warnings across 6 files: - wmo_renderer.cpp: grid cell count and height variance calculation - composite_renderer.cpp: overlay tile grid allocation - vk_texture.cpp: image size calculation (width*height*bpp) - m2_renderer.cpp: collision grid cell allocation - character_renderer.cpp: normal map buffer and height variance - world_entry_callback_handler.cpp: tile reserve count All fixes cast operands to size_t/double before multiplication to prevent integer overflow when dimensions are large. --- src/core/world_entry_callback_handler.cpp | 2 +- src/rendering/character_renderer.cpp | 4 ++-- src/rendering/m2_renderer.cpp | 4 ++-- src/rendering/vk_texture.cpp | 2 +- src/rendering/wmo_renderer.cpp | 4 ++-- src/rendering/world_map/composite_renderer.cpp | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/core/world_entry_callback_handler.cpp b/src/core/world_entry_callback_handler.cpp index 2ba4678f..b2a15e39 100644 --- a/src/core/world_entry_callback_handler.cpp +++ b/src/core/world_entry_callback_handler.cpp @@ -108,7 +108,7 @@ static void precacheNearbyTiles(rendering::TerrainManager* terrainMgr, auto [tileX, tileY] = core::coords::worldToTile(renderPos.x, renderPos.y); int side = 2 * radius + 1; std::vector> tiles; - tiles.reserve(side * side); + tiles.reserve(static_cast(side) * static_cast(side)); for (int dy = -radius; dy <= radius; dy++) for (int dx = -radius; dx <= radius; dx++) tiles.push_back({tileX + dx, tileY + dy}); diff --git a/src/rendering/character_renderer.cpp b/src/rendering/character_renderer.cpp index 8712c5da..50c327f9 100644 --- a/src/rendering/character_renderer.cpp +++ b/src/rendering/character_renderer.cpp @@ -548,7 +548,7 @@ std::unique_ptr CharacterRenderer::generateNormalHeightMap( if (!vkCtx_ || width == 0 || height == 0) return nullptr; // Use the CPU-only static method, then upload to GPU - std::vector dummy(width * height * 4); + std::vector dummy(static_cast(width) * static_cast(height) * 4); std::memcpy(dummy.data(), pixels, dummy.size()); auto result = generateNormalHeightMapCPU("", std::move(dummy), width, height); outVariance = result.variance; @@ -585,7 +585,7 @@ CharacterRenderer::NormalMapResult CharacterRenderer::generateNormalHeightMapCPU float h = 0.299f * r + 0.587f * g + 0.114f * b; heightMap[i] = h; sumH += h; - sumH2 += h * h; + sumH2 += static_cast(h) * static_cast(h); } double mean = sumH / totalPixels; result.variance = static_cast(sumH2 / totalPixels - mean * mean); diff --git a/src/rendering/m2_renderer.cpp b/src/rendering/m2_renderer.cpp index 6cc695e5..9c78d3cc 100644 --- a/src/rendering/m2_renderer.cpp +++ b/src/rendering/m2_renderer.cpp @@ -1032,8 +1032,8 @@ void M2ModelGPU::CollisionMesh::build() { gridCellsX = std::max(1, std::min(32, static_cast(std::ceil((bmax.x - bmin.x) / CELL_SIZE)))); gridCellsY = std::max(1, std::min(32, static_cast(std::ceil((bmax.y - bmin.y) / CELL_SIZE)))); - cellFloorTris.resize(gridCellsX * gridCellsY); - cellWallTris.resize(gridCellsX * gridCellsY); + cellFloorTris.resize(static_cast(gridCellsX) * static_cast(gridCellsY)); + cellWallTris.resize(static_cast(gridCellsX) * static_cast(gridCellsY)); triBounds.resize(triCount); for (uint32_t ti = 0; ti < triCount; ti++) { diff --git a/src/rendering/vk_texture.cpp b/src/rendering/vk_texture.cpp index c11b5921..c50526ef 100644 --- a/src/rendering/vk_texture.cpp +++ b/src/rendering/vk_texture.cpp @@ -49,7 +49,7 @@ bool VkTexture::upload(VkContext& ctx, const uint8_t* pixels, uint32_t width, ui else if (format == VK_FORMAT_R8G8_UNORM) bpp = 2; else if (format == VK_FORMAT_R8G8B8_UNORM) bpp = 3; - VkDeviceSize imageSize = width * height * bpp; + VkDeviceSize imageSize = static_cast(width) * static_cast(height) * bpp; // Create staging buffer AllocatedBuffer staging = createBuffer(ctx.getAllocator(), imageSize, diff --git a/src/rendering/wmo_renderer.cpp b/src/rendering/wmo_renderer.cpp index fe3eb9f6..6dd82a37 100644 --- a/src/rendering/wmo_renderer.cpp +++ b/src/rendering/wmo_renderer.cpp @@ -2248,7 +2248,7 @@ std::unique_ptr WMORenderer::generateNormalHeightMap( float h = 0.299f * r + 0.587f * g + 0.114f * b; heightMap[i] = h; sumH += h; - sumH2 += h * h; + sumH2 += static_cast(h) * static_cast(h); } double mean = sumH / totalPixels; outVariance = static_cast(sumH2 / totalPixels - mean * mean); @@ -2716,7 +2716,7 @@ void WMORenderer::GroupResources::buildCollisionGrid() { if (gridCellsX > 64) gridCellsX = 64; if (gridCellsY > 64) gridCellsY = 64; - size_t totalCells = gridCellsX * gridCellsY; + size_t totalCells = static_cast(gridCellsX) * static_cast(gridCellsY); cellTriangles.resize(totalCells); cellFloorTriangles.resize(totalCells); cellWallTriangles.resize(totalCells); diff --git a/src/rendering/world_map/composite_renderer.cpp b/src/rendering/world_map/composite_renderer.cpp index d8f109fa..10a52674 100644 --- a/src/rendering/world_map/composite_renderer.cpp +++ b/src/rendering/world_map/composite_renderer.cpp @@ -30,7 +30,7 @@ void CompositeRenderer::ensureTextureSlots(size_t zoneCount, const std::vector(ov.tileCols) * static_cast(ov.tileRows), nullptr); } } }