diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2016-03-12 11:34:48 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-07-30 10:01:56 +0000 |
commit | 068ce0b10c700df35ce10dee71e76d24a23694f5 (patch) | |
tree | ae6ce2f5baea1d526c717a996c0c17bbd14fefff /src | |
parent | f0685992a3412b059a0952ac591f40856ffffb6f (diff) |
QRasterizer: fix UBs involving << with a negative LHS
Left-shifts of negative values are undefined in C++. In particular,
they don't behave arithmetically.
Reported by UBSan:
qrasterizer.cpp:609:48: runtime error: left shift of negative value -640/-2240
qrasterizer.cpp:982:38: runtime error: left shift of negative value -2
Fix by using ordinary multiplication instead, because negative
left-hand-side values don't look like they are an error.
No errors were actually reported for a.y << 10, but I changed it
nonetheless, since all a missing error means is that the test data
didn't excercise this code path with negative Y values.
Change-Id: I1fa9deca263f12206a3f7eab6ad875fc3242269d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/gui/painting/qrasterizer.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/gui/painting/qrasterizer.cpp b/src/gui/painting/qrasterizer.cpp index 34d72bf493..9411a20000 100644 --- a/src/gui/painting/qrasterizer.cpp +++ b/src/gui/painting/qrasterizer.cpp @@ -47,7 +47,7 @@ QT_BEGIN_NAMESPACE typedef int Q16Dot16; #define Q16Dot16ToFloat(i) ((i)/65536.) #define FloatToQ16Dot16(i) (int)((i) * 65536.) -#define IntToQ16Dot16(i) ((i) << 16) +#define IntToQ16Dot16(i) ((i) * (1 << 16)) #define Q16Dot16ToInt(i) ((i) >> 16) #define Q16Dot16Factor 65536 @@ -606,7 +606,7 @@ void QScanConverter::mergeLine(QT_FT_Vector a, QT_FT_Vector b) int iBottom = qMin(m_bottom, int((b.y - 32 - rounding) >> 6)); if (iTop <= iBottom) { - Q16Dot16 aFP = Q16Dot16Factor/2 + (a.x << 10) - rounding; + Q16Dot16 aFP = Q16Dot16Factor/2 + (a.x * (1 << 10)) - rounding; if (b.x == a.x) { Line line = { qBound(m_leftFP, aFP, m_rightFP), 0, iTop, iBottom, winding }; @@ -618,7 +618,7 @@ void QScanConverter::mergeLine(QT_FT_Vector a, QT_FT_Vector b) Q16Dot16 xFP = aFP + Q16Dot16Multiply(slopeFP, IntToQ16Dot16(iTop) - + Q16Dot16Factor/2 - (a.y << 10)); + + Q16Dot16Factor/2 - (a.y * (1 << 10))); if (clip(xFP, iTop, iBottom, slopeFP, m_leftFP, winding)) return; |