From 52619ae7787b3c4febb73a02afa623b12edabc97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20R=C3=B8dal?= <samuel.rodal@digia.com>
Date: Fri, 14 Dec 2012 10:52:47 +0100
Subject: Fixed invalid memory read in SSSE3 image blending code.

We need to do bounds comparison on the actual offset we're going to use
with _mm_load_si128 to read 16 bytes from memory (even though we won't
use the trailing bytes in the end).

Task-number: QTBUG-28324
Change-Id: Id0d6094da796ca67338d8ad225fa6b2f309bbe6e
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
---
 src/gui/painting/qdrawhelper_ssse3.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/gui/painting/qdrawhelper_ssse3.cpp')

diff --git a/src/gui/painting/qdrawhelper_ssse3.cpp b/src/gui/painting/qdrawhelper_ssse3.cpp
index 09e0516dcb..9f80c70fcc 100644
--- a/src/gui/painting/qdrawhelper_ssse3.cpp
+++ b/src/gui/painting/qdrawhelper_ssse3.cpp
@@ -60,7 +60,7 @@ inline static void blend_pixel(quint32 &dst, const quint32 src)
    shift (4, 8, 12). Checking the alignment inside the loop is unfortunatelly way too slow.
  */
 #define BLENDING_LOOP(palignrOffset, length)\
-    for (; x < length-3; x += 4) { \
+    for (; x-minusOffsetToAlignSrcOn16Bytes < length-7; x += 4) { \
         const __m128i srcVectorLastLoaded = _mm_load_si128((__m128i *)&src[x - minusOffsetToAlignSrcOn16Bytes + 4]);\
         const __m128i srcVector = _mm_alignr_epi8(srcVectorLastLoaded, srcVectorPrevLoaded, palignrOffset); \
         const __m128i srcVectorAlpha = _mm_and_si128(srcVector, alphaMask); \
-- 
cgit v1.2.3