[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [35593] trunk/blender/source/blender/imbuf /intern/scaling.c: BLI_assert's for when scaledownx / scaledowny don' t use the buffer correctly (theres a buffer overrun here [#26502]).

Campbell Barton ideasman42 at gmail.com
Thu Mar 17 11:37:48 CET 2011


Revision: 35593
          http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=35593
Author:   campbellbarton
Date:     2011-03-17 10:37:48 +0000 (Thu, 17 Mar 2011)
Log Message:
-----------
BLI_assert's for when scaledownx / scaledowny don't use the buffer correctly (there's a buffer overrun here [#26502]).

Modified Paths:
--------------
    trunk/blender/source/blender/imbuf/intern/scaling.c

Modified: trunk/blender/source/blender/imbuf/intern/scaling.c
===================================================================
--- trunk/blender/source/blender/imbuf/intern/scaling.c	2011-03-17 10:31:20 UTC (rev 35592)
+++ trunk/blender/source/blender/imbuf/intern/scaling.c	2011-03-17 10:37:48 UTC (rev 35593)
@@ -35,6 +35,7 @@
 
 
 #include "BLI_blenlib.h"
+#include "BLI_utildefines.h"
 #include "MEM_guardedalloc.h"
 
 #include "imbuf.h"
@@ -834,7 +835,10 @@
 	float *rectf, *_newrectf, *newrectf;
 	float sample, add, val[4], nval[4], valf[4], nvalf[4];
 	int x, y, do_rect = 0, do_float = 0;
+	uchar *rect_end;
+	float *rectf_end;
 
+
 	rectf= _newrectf= newrectf= NULL; 
 	rect=_newrect= newrect= NULL; 
 	nval[0]=  nval[1]= nval[2]= nval[3]= 0.0f;
@@ -847,6 +851,7 @@
 		do_rect = 1;
 		_newrect = MEM_mallocN(newx * ibuf->y * sizeof(int), "scaledownx");
 		if (_newrect==NULL) return(ibuf);
+		rect_end= (unsigned char *)ibuf->rect + (ibuf->x * ibuf->y * sizeof(int));
 	}
 	if (ibuf->rect_float) {
 		do_float = 1;
@@ -855,6 +860,7 @@
 			if (_newrect) MEM_freeN(_newrect);
 			return(ibuf);
 		}
+		rectf_end= ibuf->rect_float + (ibuf->x * ibuf->y * sizeof(float) * 4);
 	}
 
 	add = (ibuf->x - 0.001) / newx;
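Review bot: `rectf_end` is computed in the wrong unit: `rectf_end` and the other rect_float pointers in this function are `float *`, so the addition already advances in floats, and multiplying the offset by `sizeof(float)` puts the end marker about four times too far (with 4-byte floats) instead of at the end of the `x * y * 4` channel values. As written, `BLI_assert(rectf == rectf_end)` would presumably fail on a correct run too, so it cannot separate a real overrun from normal behaviour, and forming a pointer that far past the allocation is itself undefined. The line should read `rectf_end= ibuf->rect_float + (ibuf->x * ibuf->y * 4);`; the `rect_end` line in the previous hunk is fine because it casts to `unsigned char *` before adding a byte count. The same line is repeated in the scaledowny hunk at `@@ -979,6 +990,7 @@`. The enclosing function starts and ends outside this hunk.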
@@ -937,11 +943,13 @@
 	}
 
 	if (do_rect) {
+		BLI_assert(rect == rect_end); /* see bug [#26502] */
 		imb_freerectImBuf(ibuf);
 		ibuf->mall |= IB_rect;
 		ibuf->rect = (unsigned int *) _newrect;
 	}
 	if (do_float) {
+		BLI_assert(rectf == rectf_end); /* see bug [#26502] */
 		imb_freerectfloatImBuf(ibuf);
 		ibuf->mall |= IB_rectfloat;
 		ibuf->rect_float = _newrectf;
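Review bot: `BLI_assert(rect == rect_end)` and `BLI_assert(rectf == rectf_end)` run only after the scaling loop has finished, so any access past the end of the source buffer has already happened by the time they fire. A build in which BLI_assert compiles to nothing (presumably release builds) gets no check at all and leaves `rect_end`/`rectf_end` set but unused. Since the commit message says the overrun from [#26502] is still present, I would state that at the assert, e.g. `/* diagnostic only: the overrun from [#26502] is not fixed here, this only reports it in debug builds */`, and keep the report open until the loop itself is bounded. The same applies to the two asserts in the scaledowny hunk at `@@ -1062,11 +1074,13 @@`; the loop and the start of the function are outside this hunk.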
@@ -958,6 +966,8 @@
 	float *rectf, *_newrectf, *newrectf;
 	float sample, add, val[4], nval[4], valf[4], nvalf[4];
 	int x, y, skipx, do_rect = 0, do_float = 0;
+	uchar *rect_end;
+	float *rectf_end;
 
 	rectf= _newrectf= newrectf= NULL; 
 	rect= _newrect= newrect= NULL; 
@@ -971,6 +981,7 @@
 		do_rect = 1;
 		_newrect = MEM_mallocN(newy * ibuf->x * sizeof(int), "scaledowny");
 		if (_newrect==NULL) return(ibuf);
+		rect_end= (unsigned char *)ibuf->rect + (ibuf->x * ibuf->y * sizeof(int));
 	}
 	if (ibuf->rect_float) {
 		do_float = 1;
@@ -979,6 +990,7 @@
 			if (_newrect) MEM_freeN(_newrect);
 			return(ibuf);
 		}
+		rectf_end= ibuf->rect_float + (ibuf->x * ibuf->y * sizeof(float) * 4);
 	}
 
 	add = (ibuf->y - 0.001) / newy;
@@ -1062,11 +1074,13 @@
 	}	
 
 	if (do_rect) {
+		BLI_assert(rect == rect_end); /* see bug [#26502] */
 		imb_freerectImBuf(ibuf);
 		ibuf->mall |= IB_rect;
 		ibuf->rect = (unsigned int *) _newrect;
 	}
 	if (do_float) {
+		BLI_assert(rectf == rectf_end); /* see bug [#26502] */
 		imb_freerectfloatImBuf(ibuf);
 		ibuf->mall |= IB_rectfloat;
 		ibuf->rect_float = (float *) _newrectf;



