From af604cc442bf6a613aad6be7a2f6107615d2aad4 Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Mon, 30 Mar 2026 15:37:38 -0700
Subject: [PATCH] fix: UB in mouse button polling, null deref in BigNum formatting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- input: fix undefined behavior in SDL mouse button loop — SDL_BUTTON(0) computes (1 << -1) which is UB. Start loop at 1 since SDL button indices are 1-based (SDL_BUTTON_LEFT=1, RIGHT=3, MIDDLE=2)
- big_num: guard BN_bn2hex/BN_bn2dec against nullptr return on OpenSSL allocation failure — previously constructed std::string from nullptr which is undefined behavior
---
 src/auth/big_num.cpp | 3 +++
 src/core/input.cpp | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/auth/big_num.cpp b/src/auth/big_num.cpp
index 1ccaf27d..7e76475b 100644
--- a/src/auth/big_num.cpp
+++ b/src/auth/big_num.cpp
@@ -136,6 +136,8 @@ std::vector BigNum::toArray(bool littleEndian, int minSize) const {
 std::string BigNum::toHex() const {
 char* hex = BN_bn2hex(bn);
+ // BN_bn2hex returns nullptr on allocation failure
+ if (!hex) return "(null)";
 std::string result(hex);
 OPENSSL_free(hex);
 return result;
@@ -143,6 +145,7 @@ std::string BigNum::toHex() const {
 std::string BigNum::toDecimal() const {
 char* dec = BN_bn2dec(bn);
+ if (!dec) return "(null)";
 std::string result(dec);
 OPENSSL_free(dec);
 return result;
diff --git a/src/core/input.cpp b/src/core/input.cpp
index b7c0e060..4c909824 100644
--- a/src/core/input.cpp
+++ b/src/core/input.cpp
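Review bot: Returning the literal `"(null)"` from toHex() on allocation failure (and from toDecimal() in the next hunk) turns an out-of-memory condition into a well-formed string that callers cannot tell apart from a real value, so whatever consumes the result — an auth exchange, a hash input, a log line — proceeds with garbage instead of failing. Since this code already uses std::string, the natural signal is an exception: `if (!hex) throw std::bad_alloc{};` and `if (!dec) throw std::bad_alloc{};` (or a project error type if one exists), which also spares callers from comparing against a sentinel. Separately, `std::string result(hex);` can itself throw std::bad_alloc, in which case `OPENSSL_free(hex)` is skipped and the buffer leaks; holding the pointer in a std::unique_ptr with a deleter that calls OPENSSL_free would close both gaps at once. The toDecimal() hunk also lacks the explanatory comment the toHex() hunk carries; the same `// BN_bn2dec returns nullptr on allocation failure` belongs there.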
@@ -25,7 +25,10 @@ void Input::update() {
 Uint32 mouseState = SDL_GetMouseState(&mouseX, &mouseY);
 mousePosition = glm::vec2(static_cast(mouseX), static_cast(mouseY));
- for (int i = 0; i < NUM_MOUSE_BUTTONS; ++i) {
+ // SDL_BUTTON(x) is defined as (1 << (x-1)), so button indices are 1-based.
+ // SDL_BUTTON(0) is undefined behavior (negative shift). Start at 1.
+ currentMouseState[0] = false;
+ for (int i = 1; i < NUM_MOUSE_BUTTONS; ++i) {
 currentMouseState[i] = (mouseState & SDL_BUTTON(i)) != 0;
 }
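Review bot: With the loop now starting at 1 but still bounded by `i < NUM_MOUSE_BUTTONS`, the highest SDL button sampled is NUM_MOUSE_BUTTONS - 1, so if NUM_MOUSE_BUTTONS is the count of SDL buttons (5) rather than one more than the highest 1-based id, SDL_BUTTON_X2 (5) is silently never polled; NUM_MOUSE_BUTTONS is defined outside this hunk, so I cannot confirm which it is. A compile-time guard makes the 1-based layout explicit and catches the mismatch: `static_assert(NUM_MOUSE_BUTTONS > SDL_BUTTON_X2, "currentMouseState is indexed by 1-based SDL button id");`. Slot 0 is now a permanently-false pad, and the comment should say so — e.g. `// index 0 is unused: SDL button ids start at 1` — so the loop is not "fixed" back to 0 later. Input::update() continues past the end of this hunk.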