[Pixman] [PATCH] In pixman_image_create_bits() allow images larger than 2GB
Soeren Sandmann
sandmann at cs.au.dk
Thu Aug 11 04:48:34 PDT 2011
Chris Wilson <chris at chris-wilson.co.uk> writes:
> On Thu, 11 Aug 2011 06:43:03 -0400, Søren Sandmann <sandmann at cs.au.dk> wrote:
>> From: Søren Sandmann Pedersen <ssp at redhat.com>
>>
>> There is no reason for pixman_image_create_bits() to check that the
>> image size fits in int32_t. The correct check is against size_t since
>> that is what the argument to calloc() is.
>
> The only question I have is whether ssize_t width and height is
> appropriate, the valid image dimensions are still only int32_t right?
Yeah, you are right. It's only an internal function, so using ssize_t is
harmless, but there's no need to introduce this confusion. New version
below.
Thanks,
Soren
commit cb49f9427ead511b9bd60e771fc1b0d74d72d22a
Author: Søren Sandmann Pedersen <ssp at redhat.com>
Date: Thu Aug 11 06:30:43 2011 -0400
In pixman_image_create_bits() allow images larger than 2GB
There is no reason for pixman_image_create_bits() to check that the
image size fits in int32_t. The correct check is against size_t since
that is what the argument to calloc() is.
This patch fixes this by adding a new _pixman_multiply_overflows_size()
and using it in create_bits(). Also prepend an underscore to the names
of other similar functions since they are internal to pixman.
V2: Use int, not ssize_t for the arguments in create_bits() since
width/height are still limited to 32 bits, as pointed out by Chris
Wilson.
diff --git a/pixman/pixman-bits-image.c b/pixman/pixman-bits-image.c
index 4e9ed14..f5b66dc 100644
--- a/pixman/pixman-bits-image.c
+++ b/pixman/pixman-bits-image.c
@@ -1490,10 +1490,10 @@ static uint32_t *
create_bits (pixman_format_code_t format,
int width,
int height,
- int * rowstride_bytes)
+ int * rowstride_bytes)
{
int stride;
- int buf_size;
+ size_t buf_size;
int bpp;
/* what follows is a long-winded way, avoiding any possibility of integer
@@ -1502,11 +1502,11 @@ create_bits (pixman_format_code_t format,
*/
bpp = PIXMAN_FORMAT_BPP (format);
- if (pixman_multiply_overflows_int (width, bpp))
+ if (_pixman_multiply_overflows_int (width, bpp))
return NULL;
stride = width * bpp;
- if (pixman_addition_overflows_int (stride, 0x1f))
+ if (_pixman_addition_overflows_int (stride, 0x1f))
return NULL;
stride += 0x1f;
@@ -1514,7 +1514,7 @@ create_bits (pixman_format_code_t format,
stride *= sizeof (uint32_t);
- if (pixman_multiply_overflows_int (height, stride))
+ if (_pixman_multiply_overflows_size (height, stride))
return NULL;
buf_size = height * stride;
diff --git a/pixman/pixman-private.h b/pixman/pixman-private.h
index 6a3935e..a25897d 100644
--- a/pixman/pixman-private.h
+++ b/pixman/pixman-private.h
@@ -691,10 +691,13 @@ void *
pixman_malloc_abc (unsigned int a, unsigned int b, unsigned int c);
pixman_bool_t
-pixman_multiply_overflows_int (unsigned int a, unsigned int b);
+_pixman_multiply_overflows_size (size_t a, size_t b);
pixman_bool_t
-pixman_addition_overflows_int (unsigned int a, unsigned int b);
+_pixman_multiply_overflows_int (unsigned int a, unsigned int b);
+
+pixman_bool_t
+_pixman_addition_overflows_int (unsigned int a, unsigned int b);
/* Compositing utilities */
void
diff --git a/pixman/pixman-utils.c b/pixman/pixman-utils.c
index cb4e621..49e3488 100644
--- a/pixman/pixman-utils.c
+++ b/pixman/pixman-utils.c
@@ -31,15 +31,19 @@
#include "pixman-private.h"
pixman_bool_t
-pixman_multiply_overflows_int (unsigned int a,
- unsigned int b)
+_pixman_multiply_overflows_size (size_t a, size_t b)
+{
+ return a >= SIZE_MAX / b;
+}
+
+pixman_bool_t
+_pixman_multiply_overflows_int (unsigned int a, unsigned int b)
{
return a >= INT32_MAX / b;
}
pixman_bool_t
-pixman_addition_overflows_int (unsigned int a,
- unsigned int b)
+_pixman_addition_overflows_int (unsigned int a, unsigned int b)
{
return a > INT32_MAX - b;
}
More information about the Pixman
mailing list