john/McRogueFace
1
0
Fork 0
Code Issues 41 Pull requests Projects 1 Releases Wiki Activity

[Bugfix] Potential null pointer dereference in HeightMap layer operations #214

New issue
Open
opened 2026-01-12 03:49:01 +00:00 by john · 0 comments
john commented 2026-01-12 03:49:01 +00:00
Owner
Copy link

Problem

The HeightMap-to-layer application methods (apply_threshold, apply_gradient, apply_ranges) do not verify that the HeightMap's internal TCOD pointer is non-null before dereferencing it.

Location 1: ValidateHeightMapSize (GridLayers.cpp:50-61)

static bool ValidateHeightMapSize(PyHeightMapObject* hmap, int grid_x, int grid_y) {
    int hmap_width = hmap->heightmap->w;  // CRASH if heightmap is nullptr
    int hmap_height = hmap->heightmap->h;
    // ...
}

Location 2: Apply loops (GridLayers.cpp, multiple locations)

float value = TCOD_heightmap_get_value(hmap->heightmap, x, y);  // CRASH if nullptr

When Can This Happen?

A PyHeightMapObject can have heightmap == nullptr if:

  1. Memory allocation failed during TCOD_heightmap_new() in init
  2. The object was created but init raised an exception
  3. (Theoretically) Object corruption

While rare in practice, this violates defensive programming principles and could cause hard-to-diagnose segfaults.

Reproduction (Theoretical)

# If memory allocation fails during HeightMap creation:
import mcrfpy
hmap = mcrfpy.HeightMap((1000000, 1000000))  # Might fail allocation
layer.apply_threshold(hmap, (0, 1), 5)  # Would segfault

Proposed Fix

Add null check before ValidateHeightMapSize in each apply method:

PyHeightMapObject* hmap;
if (!IsHeightMapObject(source_obj, &hmap)) {
    PyErr_SetString(PyExc_TypeError, "source must be a HeightMap");
    return NULL;
}

// ADD THIS CHECK:
if (!hmap->heightmap) {
    PyErr_SetString(PyExc_RuntimeError, "HeightMap is not initialized");
    return NULL;
}

if (!ValidateHeightMapSize(hmap, self->data->grid_x, self->data->grid_y)) {
    return NULL;
}

Affected Methods

  • TileLayer.apply_threshold() (GridLayers.cpp:1781)
  • TileLayer.apply_ranges() (GridLayers.cpp:1834)
  • ColorLayer.apply_threshold() (GridLayers.cpp:1233)
  • ColorLayer.apply_gradient() (GridLayers.cpp:1292)
  • ColorLayer.apply_ranges() (GridLayers.cpp:1358)

Related

Discovered during code review of #200 and #201 implementations.

## Problem The HeightMap-to-layer application methods (`apply_threshold`, `apply_gradient`, `apply_ranges`) do not verify that the HeightMap's internal TCOD pointer is non-null before dereferencing it. ### Location 1: ValidateHeightMapSize (GridLayers.cpp:50-61) ```cpp static bool ValidateHeightMapSize(PyHeightMapObject* hmap, int grid_x, int grid_y) { int hmap_width = hmap->heightmap->w; // CRASH if heightmap is nullptr int hmap_height = hmap->heightmap->h; // ... } ``` ### Location 2: Apply loops (GridLayers.cpp, multiple locations) ```cpp float value = TCOD_heightmap_get_value(hmap->heightmap, x, y); // CRASH if nullptr ``` ## When Can This Happen? A `PyHeightMapObject` can have `heightmap == nullptr` if: 1. Memory allocation failed during `TCOD_heightmap_new()` in init 2. The object was created but init raised an exception 3. (Theoretically) Object corruption While rare in practice, this violates defensive programming principles and could cause hard-to-diagnose segfaults. ## Reproduction (Theoretical) ```python # If memory allocation fails during HeightMap creation: import mcrfpy hmap = mcrfpy.HeightMap((1000000, 1000000)) # Might fail allocation layer.apply_threshold(hmap, (0, 1), 5) # Would segfault ``` ## Proposed Fix Add null check before `ValidateHeightMapSize` in each apply method: ```cpp PyHeightMapObject* hmap; if (!IsHeightMapObject(source_obj, &hmap)) { PyErr_SetString(PyExc_TypeError, "source must be a HeightMap"); return NULL; } // ADD THIS CHECK: if (!hmap->heightmap) { PyErr_SetString(PyExc_RuntimeError, "HeightMap is not initialized"); return NULL; } if (!ValidateHeightMapSize(hmap, self->data->grid_x, self->data->grid_y)) { return NULL; } ``` ## Affected Methods - `TileLayer.apply_threshold()` (GridLayers.cpp:1781) - `TileLayer.apply_ranges()` (GridLayers.cpp:1834) - `ColorLayer.apply_threshold()` (GridLayers.cpp:1233) - `ColorLayer.apply_gradient()` (GridLayers.cpp:1292) - `ColorLayer.apply_ranges()` (GridLayers.cpp:1358) ## Related Discovered during code review of #200 and #201 implementations.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
rogueliketutorial25
alpha_presentable
alpha_streamline_2
alpha_streamline_1
interpreter_mode
grid_entity_integration
reprs_and_member_names
break_up_ui_h
standardize_font_handling
standardize_vector_handling
standardize_color_handling
standardize_texture_handling
raii_pyobjects
rebase-for-7DRL_Feb-2024
engjam_uicollection
engjam_ui_overhaul
No results found.
Labels
Clear labels   
Alpha Release Requirement

This issue is a blocker to 0.1 Alpha release of McRogueFace.

  
Bugfix

   
Demo Target

Functionality to demonstrate; Depends on new features, but this issue isn't for writing them.

  
Documentation

   
Major Feature

Significant time and effort required.

  
Minor Feature

Some effort required to create or overhaul functionality.

  
priority:tier1-active

Current development focus - critical path to v1.0

  
priority:tier2-foundation

Important foundation work - not blocking v1.0

  
priority:tier3-future

Future features - deferred until after v1.0

  
priority:tier4-deferred

   
Refactoring & Cleanup

no new functionality, just improving the codebase.

  
system:animation

Animation and property interpolation

  
system:documentation

Documentation infrastructure

  
system:grid

Grid system and spatial containers

  
system:input

Input handling and events

  
system:performance

Performance optimization and profiling

  
system:procgen

Procedural Generation (Noise, BSP, Heightmap)

  
system:python-binding

Python/C++ binding layer

  
system:rendering

Rendering pipeline and visuals

  
system:ui-hierarchy

UI component hierarchy and composition

  
Tiny Feature

quick and easy - a few lines or with little interconnection around the codebase

  
workflow:blocked

Blocked by other work - waiting on dependencies

  
workflow:needs-benchmark

Needs performance testing and benchmarks

  
workflow:needs-documentation

Needs documentation before or after implementation

No labels
Alpha Release Requirement
Bugfix
Demo Target
Documentation
Major Feature
Minor Feature
priority:tier1-active
priority:tier2-foundation
priority:tier3-future
priority:tier4-deferred
Refactoring & Cleanup
system:animation
system:documentation
system:grid
system:input
system:performance
system:procgen
system:python-binding
system:rendering
system:ui-hierarchy
Tiny Feature
workflow:blocked
workflow:needs-benchmark
workflow:needs-documentation
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
john/McRogueFace#214
No description provided.