[Pixman] [PATCH 3/3] Possible fix for infinite loop
Søren Sandmann
sandmann at cs.au.dk
Sat Sep 15 00:39:51 PDT 2012
From: Søren Sandmann Pedersen <ssp at redhat.com>

The infinite loop detected by "affine-test 212944861" is caused by an
overflow in this expression:

    max_x = pixman_fixed_to_int (vx + (width - 1) * unit_x) + 1;

where (width - 1) * unit_x doesn't fit in a signed int.

By casting unit_x to int64_t, the expression no longer overflows and
affine-test 212944861 no longer loops forever.
---
pixman/pixman-inlines.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pixman/pixman-inlines.h b/pixman/pixman-inlines.h
index 5517de5..3a3c658 100644
--- a/pixman/pixman-inlines.h
+++ b/pixman/pixman-inlines.h
@@ -859,7 +859,7 @@ fast_composite_scaled_bilinear ## scale_func_name (pixman_implementation_t *imp,
{ \
vx = v.vector[0]; \
repeat (PIXMAN_REPEAT_NORMAL, &vx, pixman_int_to_fixed(src_image->bits.width)); \
- max_x = pixman_fixed_to_int (vx + (width - 1) * unit_x) + 1; \
+ max_x = pixman_fixed_to_int (vx + (width - 1) * (int64_t)unit_x) + 1; \
\
if (src_image->bits.width < REPEAT_NORMAL_MIN_WIDTH) \
{ \
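Review bot: On the changed max_x line, the (int64_t) cast widens the product and the sum, but the result still goes through pixman_fixed_to_int and is stored in max_x, and neither the definition of pixman_fixed_to_int nor the type of max_x is visible in this hunk. If either one narrows to 32 bits before the shift, the value wraps again, so please confirm that the 64-bit sum is shifted before any narrowing and that max_x can hold the result. A one-line comment above the assignment saying why unit_x is cast would also stop a later cleanup from dropping it, and any other (width - 1) * unit_x computation in this macro deserves the same check.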
--
1.7.11.4
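
The overflow described in the commit message, as an added example that is not part of the original mail or of pixman's code. The typedef, macro, function names and input values are constructed assumptions (a 16.16 fixed-point value held in 32 bits); they are not the values produced by affine-test 212944861.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 16.16 signed fixed point in 32 bits, modelled on the patch. */
typedef int32_t fixed_t;
#define FIXED_TO_INT(f) ((int) ((f) >> 16))

/* Pre-patch form: the product is computed in 32 bits. Unsigned arithmetic
 * reproduces the two's-complement wraparound without relying on the
 * undefined behaviour of signed overflow. */
static int max_x_32bit(fixed_t vx, int width, fixed_t unit_x)
{
    uint32_t prod = (uint32_t)(width - 1) * (uint32_t)unit_x;
    int32_t sum = (int32_t)((uint32_t)vx + prod);
    return FIXED_TO_INT(sum) + 1;
}

/* Patched form: unit_x is widened first, so product and sum are 64-bit.
 * The result is kept as int64_t here so no narrowing hides the value. */
static int64_t max_x_64bit(fixed_t vx, int width, fixed_t unit_x)
{
    int64_t sum = vx + (width - 1) * (int64_t)unit_x;
    return (sum >> 16) + 1;
}

/* Range check: does (width - 1) * unit_x fit in a signed 32-bit int? */
static int product_fits_int32(int width, fixed_t unit_x)
{
    int64_t prod = (int64_t)(width - 1) * unit_x;
    return prod >= INT32_MIN && prod <= INT32_MAX;
}

int main(void)
{
    /* Constructed inputs: 1001 destination pixels, a step of 48.0 source
     * pixels per destination pixel, starting at source x = 0. */
    fixed_t vx = 0, unit_x = 0x300000;
    int width = 1001;

    printf("product fits in int32: %d\n", product_fits_int32(width, unit_x));
    printf("32-bit max_x: %d\n", max_x_32bit(vx, width, unit_x));
    printf("64-bit max_x: %lld\n", (long long)max_x_64bit(vx, width, unit_x));
    return 0;
}
```

With these inputs the 32-bit form yields a negative bound while the widened form yields the expected positive one, which is the kind of wrong loop bound the commit message attributes the hang to.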