summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSøren Sandmann Pedersen <ssp@redhat.com>2012-09-15 03:13:09 -0400
committerSøren Sandmann Pedersen <ssp@redhat.com>2012-09-24 18:43:31 -0400
commitde60e2e0e3eb6084f8f14b63f25b3cbfb012943f (patch)
tree1f66560b6fafe361b0b4300fbb98def51efade4c
parentaa311a4641b79eac39fe602b75d7bee3de9b1dce (diff)
Fix for infinite-loop test
The infinite loop detected by "affine-test 212944861" is caused by an overflow in this expression: max_x = pixman_fixed_to_int (vx + (width - 1) * unit_x) + 1; where (width - 1) * unit_x doesn't fit in a signed int. This causes max_x to be too small so that this: src_width = 0 while (src_width < REPEAT_NORMAL_MIN_WIDTH && src_width <= max_x) src_width += src_image->bits.width; results in src_width being 0. Later on when src_width is used for repeat calculations, we get the infinite loop. By casting unit_x to int64_t, the expression no longer overflows and affine-test 212944861 and infinite-loop no longer loop forever.
-rw-r--r--pixman/pixman-inlines.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/pixman/pixman-inlines.h b/pixman/pixman-inlines.h
index 5517de5..3a3c658 100644
--- a/pixman/pixman-inlines.h
+++ b/pixman/pixman-inlines.h
@@ -859,7 +859,7 @@ fast_composite_scaled_bilinear ## scale_func_name (pixman_implementation_t *imp,
{ \
vx = v.vector[0]; \
repeat (PIXMAN_REPEAT_NORMAL, &vx, pixman_int_to_fixed(src_image->bits.width)); \
- max_x = pixman_fixed_to_int (vx + (width - 1) * unit_x) + 1; \
+ max_x = pixman_fixed_to_int (vx + (width - 1) * (int64_t)unit_x) + 1; \
\
if (src_image->bits.width < REPEAT_NORMAL_MIN_WIDTH) \
{ \