From 52587c28d60a5113c3e716df4f10ba7adb85f639 Mon Sep 17 00:00:00 2001 From: EggsyCRO <39103865+EggsyCRO@users.noreply.github.com> Date: Thu, 27 Jul 2023 21:56:18 +0200 Subject: [PATCH] ImDrawList: Fixed OOB access in _CalcCircleAutoSegmentCount when passing excessively large radius to AddCircle(). (#6657, #5317) --- docs/CHANGELOG.txt | 2 ++ imgui_draw.cpp | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.txt b/docs/CHANGELOG.txt index bbfe8ae79..ad5868f3f 100644 --- a/docs/CHANGELOG.txt +++ b/docs/CHANGELOG.txt @@ -46,6 +46,8 @@ Other changes: - Sliders: Fixed an integer overflow and div-by-zero in SliderInt() when v_max=INT_MAX (#6675, #6679) [@jbarthelmes] +- ImDrawList: Fixed OOB access in _CalcCircleAutoSegmentCount when passing excessively + large radius to AddCircle(). (#6657, #5317) [@EggsyCRO, @jdpatdiscord] ----------------------------------------------------------------------- diff --git a/imgui_draw.cpp b/imgui_draw.cpp index db1bc1e89..ffdb44138 100644 --- a/imgui_draw.cpp +++ b/imgui_draw.cpp @@ -561,7 +561,7 @@ int ImDrawList::_CalcCircleAutoSegmentCount(float radius) const { // Automatic segment count const int radius_idx = (int)(radius + 0.999999f); // ceil to never reduce accuracy - if (radius_idx < IM_ARRAYSIZE(_Data->CircleSegmentCounts)) + if (radius_idx >= 0 && radius_idx < IM_ARRAYSIZE(_Data->CircleSegmentCounts)) return _Data->CircleSegmentCounts[radius_idx]; // Use cached value else return IM_DRAWLIST_CIRCLE_AUTO_SEGMENT_CALC(radius, _Data->CircleSegmentMaxError);