From: Søren Sandmann Pedersen <[email protected]>
The infinite loop detected by "affine-test 212944861" is caused by an
overflow in this expression:
max_x = pixman_fixed_to_int (vx + (width - 1) * unit_x) + 1;
where (width - 1) * unit_x doesn't fit in a signed int.
By casting unit_x to int64_t, the expression no longer overflows and
affine-test 212944861 no longer loops forever.
---
pixman/pixman-inlines.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pixman/pixman-inlines.h b/pixman/pixman-inlines.h
index 5517de5..3a3c658 100644
--- a/pixman/pixman-inlines.h
+++ b/pixman/pixman-inlines.h
@@ -859,7 +859,7 @@ fast_composite_scaled_bilinear ## scale_func_name
(pixman_implementation_t *imp,
{
\
vx = v.vector[0];
\
repeat (PIXMAN_REPEAT_NORMAL, &vx,
pixman_int_to_fixed(src_image->bits.width)); \
- max_x = pixman_fixed_to_int (vx + (width - 1) * unit_x) + 1;
\
+ max_x = pixman_fixed_to_int (vx + (width - 1) * (int64_t)unit_x) + 1;
\
\
if (src_image->bits.width < REPEAT_NORMAL_MIN_WIDTH)
\
{
\
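Review bot: on the added `max_x` line, the `(int64_t)` cast widens the product and with it the whole sum `vx + (width - 1) * (int64_t)unit_x`, but that 64-bit value is then handed to `pixman_fixed_to_int` and stored in `max_x`, whose type is not visible in this hunk. If either step narrows back to 32 bits, a large enough `width` and `unit_x` could still yield a wrong `max_x` without any warning, so please confirm the expected range here or make `max_x` a 64-bit variable. A one-line comment saying why the cast is needed would keep it from being dropped in a later cleanup, and any other `(width - 1) * unit_x` expressions in this file deserve the same check.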
--
1.7.11.4