diff options
author | Lars Knoll <lars.knoll@digia.com> | 2014-03-25 15:55:34 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-04-03 12:47:43 +0200 |
commit | 343df131f7207d65932c6505769aa2fb7fc04713 (patch) | |
tree | eb21e990c881d79f39a5bc85a5366df8190d5f7a /src/gui/painting/qdrawhelper_neon.cpp | |
parent | 565f5236c6c72effa914ae0537a1fb2b0de1027c (diff) |
Avoid out of bounds memory reads when scaling imagesv4.8.6
The calculation of the width/height required for the
scaling algorithm was prone to floating point rounding
issues, where the lower value got rounded down, the higher
one rounded up. This could lead to a situation where we
iterated over one more line/pixel in the line than we have
in the source image.
Correct this by passing the dimension of the source image into
the function and bounds checking the values before iterating.
Backport of If44b2235a479224660d508a0504fec40d724763a from Qt 5
Task-number: QTBUG-35927
Change-Id: If145ee715a143b889538243f45227d8d78a0050f
Reviewed-by: Laszlo Agocs <laszlo.agocs@digia.com>
Diffstat (limited to 'src/gui/painting/qdrawhelper_neon.cpp')
-rw-r--r-- | src/gui/painting/qdrawhelper_neon.cpp | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/gui/painting/qdrawhelper_neon.cpp b/src/gui/painting/qdrawhelper_neon.cpp index 48853f1a43..e3e74d0e1f 100644 --- a/src/gui/painting/qdrawhelper_neon.cpp +++ b/src/gui/painting/qdrawhelper_neon.cpp @@ -539,7 +539,7 @@ Blend_on_RGB16_SourceAndConstAlpha_Neon_create(BlendFunc blender, int const_alph } void qt_scale_image_argb32_on_rgb16_neon(uchar *destPixels, int dbpl, - const uchar *srcPixels, int sbpl, + const uchar *srcPixels, int sbpl, int sh, const QRectF &targetRect, const QRectF &sourceRect, const QRect &clip, @@ -548,19 +548,19 @@ void qt_scale_image_argb32_on_rgb16_neon(uchar *destPixels, int dbpl, if (const_alpha == 0) return; - qt_scale_image_16bit<quint32>(destPixels, dbpl, srcPixels, sbpl, targetRect, sourceRect, clip, + qt_scale_image_16bit<quint32>(destPixels, dbpl, srcPixels, sbpl, sh, targetRect, sourceRect, clip, Blend_on_RGB16_SourceAndConstAlpha_Neon_create<quint32>(blend_8_pixels_argb32_on_rgb16_neon, const_alpha)); } void qt_scale_image_rgb16_on_rgb16(uchar *destPixels, int dbpl, - const uchar *srcPixels, int sbpl, + const uchar *srcPixels, int sbpl, int sh, const QRectF &targetRect, const QRectF &sourceRect, const QRect &clip, int const_alpha); void qt_scale_image_rgb16_on_rgb16_neon(uchar *destPixels, int dbpl, - const uchar *srcPixels, int sbpl, + const uchar *srcPixels, int sbpl, int sh, const QRectF &targetRect, const QRectF &sourceRect, const QRect &clip, @@ -570,11 +570,11 @@ void qt_scale_image_rgb16_on_rgb16_neon(uchar *destPixels, int dbpl, return; if (const_alpha == 256) { - qt_scale_image_rgb16_on_rgb16(destPixels, dbpl, srcPixels, sbpl, targetRect, sourceRect, clip, const_alpha); + qt_scale_image_rgb16_on_rgb16(destPixels, dbpl, srcPixels, sbpl, sh, targetRect, sourceRect, clip, const_alpha); return; } - qt_scale_image_16bit<quint16>(destPixels, dbpl, srcPixels, sbpl, targetRect, sourceRect, clip, + qt_scale_image_16bit<quint16>(destPixels, dbpl, srcPixels, sbpl, sh, targetRect, sourceRect, clip, Blend_on_RGB16_SourceAndConstAlpha_Neon_create<quint16>(blend_8_pixels_rgb16_on_rgb16_neon, const_alpha)); } |