diff --git a/src/engine/client/cl_cgame.cpp b/src/engine/client/cl_cgame.cpp index 79349175bb..b5d30a389f 100644 --- a/src/engine/client/cl_cgame.cpp +++ b/src/engine/client/cl_cgame.cpp @@ -1358,6 +1358,12 @@ void CGameVM::QVMSyscall(int syscallNum, Util::Reader& reader, IPC::Channel& cha case CG_R_GENERATETEXTURE: IPC::HandleMsg(channel, std::move(reader), [this] (std::vector data, int x, int y, qhandle_t& handle) { + // Limit max size to avoid int overflow issues + if (x <= 0 || y <= 0 || x > 16384 || y > 16384 || size_t(x * y * 4) != data.size()) { + Log::Warn("GenerateTextureMsg: bad dimensions or size: %dx%d / %d bytes", x, y, data.size()); + handle = 0; + return; + } handle = re.GenerateTexture(data.data(), x, y); }); break; diff --git a/src/engine/renderer/tr_image.cpp b/src/engine/renderer/tr_image.cpp index 61c96a7a65..60cfafab5b 100644 --- a/src/engine/renderer/tr_image.cpp +++ b/src/engine/renderer/tr_image.cpp @@ -3184,26 +3184,18 @@ void RE_GetTextureSize( int textureID, int *width, int *height ) } } -// This code is used to upload images produced by the game (like GUI elements produced by libRocket in Unvanquished) -int numTextures = 0; - +// This code is used to upload images produced by the game (like glyphs produced by RMLUI in Unvanquished) qhandle_t RE_GenerateTexture( const byte *pic, int width, int height ) { - size_t size = width * height; - - if ( !size ) { - Log::Warn("RE_GenerateTexture: image size %dx%d is 0", width, height ); - return 0; - } - R_SyncRenderThread(); - const char *name = va( "rocket%d", numTextures++ ); + std::string name = Str::Format( "$generatedTexture%d", tr.numGeneratedTextures++ ); imageParams_t imageParams = {}; imageParams.bits = IF_NOPICMIP; imageParams.filterType = filterType_t::FT_LINEAR; imageParams.wrapType = wrapTypeEnum_t::WT_CLAMP; - return RE_RegisterShaderFromImage( name, R_CreateImage( name, &pic, width, height, 1, imageParams ) ); + return RE_RegisterShaderFromImage( + name.c_str(), R_CreateImage( name.c_str(), &pic, width, height, 1, imageParams ) ); } diff --git a/src/engine/renderer/tr_local.h b/src/engine/renderer/tr_local.h index 5e0e4eedeb..8e5e09d948 100644 --- a/src/engine/renderer/tr_local.h +++ b/src/engine/renderer/tr_local.h @@ -2849,6 +2849,8 @@ enum class ssaoMode { std::vector images; + unsigned numGeneratedTextures; + int numFBOs; FBO_t *fbos[ MAX_FBOS ];