diff options
author | Frank Binns <frank.binns@imgtec.com> | 2014-10-28 10:50:18 +0000 |
---|---|---|
committer | Pekka Paalanen <pekka.paalanen@collabora.co.uk> | 2014-11-11 12:59:43 +0200 |
commit | 77f7daca681f0b90457fa7a67ad5de72a3d83a75 (patch) | |
tree | b83efcd3eea7b722ab1c66b8768f5fc3d1e9db5e /clients | |
parent | c8e41868fd488fe796cea4cde0b98acbee7a2551 (diff) |
smoke: fix valgrind invalid read errors
There are a number of invalid read errors reported by valgrind of the
form:
==13428== Invalid read of size 4
==13428== at 0x405656: advect (smoke.c:116)
==13428== by 0x405E80: redraw_handler (smoke.c:228)
==13428== by 0x40DE74: widget_redraw (window.c:3995)
==13428== by 0x40E02D: surface_redraw (window.c:4053)
==13428== by 0x40E0C9: idle_redraw (window.c:4082)
==13428== by 0x410FC9: display_run (window.c:5561)
==13428== by 0x406518: main (smoke.c:373)
==13428== Address 0xb2c9b14 is 4 bytes after a block of size
160,000 alloc'd
==13428== at 0x4C29DB4: calloc
==13428== by 0x40646B: main (smoke.c:360)
This results in invalid rendering when running a debug version of the
application.
Fix the issue by limiting the maximum values of px and py to 1.5 less
than width and height. This prevents reading past the end of the source
buffer.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=82287
Signed-off-by: Frank Binns <frank.binns@imgtec.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Diffstat (limited to 'clients')
-rw-r--r-- | clients/smoke.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/clients/smoke.c b/clients/smoke.c index 7f0d5e5c..baf75d21 100644 --- a/clients/smoke.c +++ b/clients/smoke.c @@ -87,10 +87,10 @@ static void advect(struct smoke *smoke, uint32_t time, px = 0.5; if (py < 0.5) py = 0.5; - if (px > smoke->width - 0.5) - px = smoke->width - 0.5; - if (py > smoke->height - 0.5) - py = smoke->height - 0.5; + if (px > smoke->width - 1.5) + px = smoke->width - 1.5; + if (py > smoke->height - 1.5) + py = smoke->height - 1.5; i = (int) px; j = (int) py; fx = px - i; |