On Tue, 28 Oct 2014 10:50:18 +0000 Frank Binns <[email protected]> wrote:
> There are a number of invalid read errors reported by valgrind of the > form: > ==13428== Invalid read of size 4 > ==13428== at 0x405656: advect (smoke.c:116) > ==13428== by 0x405E80: redraw_handler (smoke.c:228) > ==13428== by 0x40DE74: widget_redraw (window.c:3995) > ==13428== by 0x40E02D: surface_redraw (window.c:4053) > ==13428== by 0x40E0C9: idle_redraw (window.c:4082) > ==13428== by 0x410FC9: display_run (window.c:5561) > ==13428== by 0x406518: main (smoke.c:373) > ==13428== Address 0xb2c9b14 is 4 bytes after a block of size > 160,000 alloc'd > ==13428== at 0x4C29DB4: calloc > ==13428== by 0x40646B: main (smoke.c:360) > > This results in invalid rendering when running a debug version of the > application. > > Fix the issue by limiting the maximum values of px and py to 1.5 less > than width and height. This prevents reading past the end of the source > buffer. > > Bug: https://bugs.freedesktop.org/show_bug.cgi?id=82287 > Signed-off-by: Frank Binns <[email protected]> > --- > clients/smoke.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/clients/smoke.c b/clients/smoke.c > index 65b6e03..245e226 100644 > --- a/clients/smoke.c > +++ b/clients/smoke.c > @@ -88,10 +88,10 @@ static void advect(struct smoke *smoke, uint32_t time, > px = 0.5; > if (py < 0.5) > py = 0.5; > - if (px > smoke->width - 0.5) > - px = smoke->width - 0.5; > - if (py > smoke->height - 0.5) > - py = smoke->height - 0.5; > + if (px > smoke->width - 1.5) > + px = smoke->width - 1.5; > + if (py > smoke->height - 1.5) > + py = smoke->height - 1.5; > i = (int) px; > j = (int) py; > fx = px - i; Looks good to me, pushed. Thanks, pq _______________________________________________ wayland-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/wayland-devel
