diff options
author | Lars Knoll <lars.knoll@digia.com> | 2014-03-25 15:04:22 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-03-28 22:52:19 +0100 |
commit | c4d8734c504cf0f313245befa34501e7314b4cd1 (patch) | |
tree | fe7c21c9e75b2cfbb3d4c95eb04ccf56bae38ce7 /tests/auto/gui | |
parent | 123ae472e2668a1f57f7c69a1a2a59336f83d06a (diff) |
Avoid out of bounds memory reads when scaling images
The calculation of the width/height required for the
scaling algorithm was prone to floating point rounding
issues, where the lower value got rounded down, the higher
one rounded up. This could lead to a situation where we
iterated over one more line/pixel in the line than we have
in the source image.
Correct this by passing the dimension of the source image into
the function and bounds checking the values before iterating.
Task-number: QTBUG-35927
Change-Id: If44b2235a479224660d508a0504fec40d724763a
Reviewed-by: Laszlo Agocs <laszlo.agocs@digia.com>
Diffstat (limited to 'tests/auto/gui')
-rw-r--r-- | tests/auto/gui/image/qimage/tst_qimage.cpp | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/auto/gui/image/qimage/tst_qimage.cpp b/tests/auto/gui/image/qimage/tst_qimage.cpp index 01a56883bf..95a9b142ec 100644 --- a/tests/auto/gui/image/qimage/tst_qimage.cpp +++ b/tests/auto/gui/image/qimage/tst_qimage.cpp @@ -168,6 +168,8 @@ private slots: void convertOverUnPreMul(); + void scaled_QTBUG35972(); + void cleanupFunctions(); }; @@ -2439,6 +2441,25 @@ void tst_QImage::convertOverUnPreMul() } } +void tst_QImage::scaled_QTBUG35972() +{ + QImage src(532,519,QImage::Format_ARGB32_Premultiplied); + src.fill(QColor(Qt::white)); + QImage dest(1000,1000,QImage::Format_ARGB32_Premultiplied); + dest.fill(QColor(Qt::white)); + QPainter painter1(&dest); + const QTransform trf(1.25, 0, + 0, 1.25, + /*dx */ 15.900000000000034, /* dy */ 72.749999999999986); + painter1.setTransform(trf); + painter1.drawImage(QRectF(-2.6, -2.6, 425.6, 415.20000000000005), src, QRectF(0,0,532,519)); + + const quint32 *pixels = reinterpret_cast<const quint32 *>(dest.constBits()); + int size = dest.width()*dest.height(); + for (int i = 0; i < size; ++i) + QCOMPARE(pixels[i], 0xffffffff); +} + static void cleanupFunction(void* info) { bool *called = static_cast<bool*>(info); |