From 7d97cdcfb889995cd2822ce432bdf7c8e61d69ad Mon Sep 17 00:00:00 2001 From: Jiyoun Park Date: Mon, 13 Jun 2011 14:34:06 +0900 Subject: [PATCH] evas_scale_function overflow problem evas scale function usually use shift operation for fixed point. it shift 16bit so if the value is over (1 << 15)-1 , it make overflow. so I add check code to scale function whether the value exceed (1 << 15) -1. Change-Id: Idce73f290b1f27e1b4df472c56eec77354e97fc8 --- src/lib/engines/common/evas_scale_smooth.c | 5 +++-- src/lib/engines/common/evas_scale_smooth_scaler_up.c | 4 ++++ src/lib/engines/common/evas_scale_span.c | 12 ++++++------ src/lib/include/evas_common.h | 2 ++ 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/lib/engines/common/evas_scale_smooth.c b/src/lib/engines/common/evas_scale_smooth.c index b8f392b..d3aada6 100644 --- a/src/lib/engines/common/evas_scale_smooth.c +++ b/src/lib/engines/common/evas_scale_smooth.c @@ -22,7 +22,7 @@ static void scale_calc_y_points(DATA32** p, DATA32 *src, int sw, int sh, int dh, int cy, int ch) { int i, val, inc; - + if (sh > SCALE_SIZE_MAX) return; val = 0; inc = (sh << 16) / dh; for (i = 0; i < dh; i++) @@ -39,7 +39,7 @@ static void scale_calc_x_points(int *p, int sw, int dw, int cx, int cw) { int i, val, inc; - + if (sw > SCALE_SIZE_MAX) return; val = 0; inc = (sw << 16) / dw; for (i = 0; i < dw; i++) @@ -57,6 +57,7 @@ scale_calc_a_points(int *p, int s, int d, int c, int cc) { int i, val, inc; + if (s > SCALE_SIZE_MAX) return; if (d >= s) { val = 0; diff --git a/src/lib/engines/common/evas_scale_smooth_scaler_up.c b/src/lib/engines/common/evas_scale_smooth_scaler_up.c index a412956..7327ac5 100644 --- a/src/lib/engines/common/evas_scale_smooth_scaler_up.c +++ b/src/lib/engines/common/evas_scale_smooth_scaler_up.c @@ -12,6 +12,10 @@ DATA32 *buf, *pbuf, *pbuf_end; RGBA_Gfx_Func func = NULL; + /* check value to make overflow(only check value related with overflow) */ + if ((src_region_w > SCALE_SIZE_MAX) || + (src_region_h > SCALE_SIZE_MAX)) return; + /* a scanline buffer */ pdst = dst_ptr; // it's been set at (dst_clip_x, dst_clip_y) pdst_end = pdst + (dst_clip_h * dst_w); diff --git a/src/lib/engines/common/evas_scale_span.c b/src/lib/engines/common/evas_scale_span.c index 9fd4d86..e0fefb2 100644 --- a/src/lib/engines/common/evas_scale_span.c +++ b/src/lib/engines/common/evas_scale_span.c @@ -10,7 +10,7 @@ evas_common_scale_rgba_span_(DATA32 *src, DATA8 *mask __UNUSED__, int src_len, D if (!src || !dst) return; if ((src_len < 1) || (dst_len < 1)) return; - if ((src_len > 65535) || (dst_len > 65535)) return; + if ((src_len > SCALE_SIZE_MAX) || (dst_len > SCALE_SIZE_MAX)) return; if (mul_col != 0xffffffff) mul = 1; if (dir < 0) @@ -114,7 +114,7 @@ evas_common_scale_rgba_a8_span_(DATA32 *src, DATA8 *mask, int src_len, DATA32 mu if (!src || !mask || !dst) return; if ((src_len < 1) || (dst_len < 1)) return; - if ((src_len > 65535) || (dst_len > 65535)) return; + if ((src_len > SCALE_SIZE_MAX) || (dst_len > SCALE_SIZE_MAX)) return; if (mul_col != 0xffffffff) mul = 1; if (dir < 0) @@ -241,7 +241,7 @@ evas_common_scale_a8_span_(DATA32 *src __UNUSED__, DATA8 *mask, int src_len, DAT if (!mask || !dst) return; if ((src_len < 1) || (dst_len < 1)) return; - if ((src_len > 65535) || (dst_len > 65535)) return; + if ((src_len > SCALE_SIZE_MAX) || (dst_len > SCALE_SIZE_MAX)) return; if (dir < 0) { pdst += dst_len - 1; @@ -316,7 +316,7 @@ evas_common_scale_clip_a8_span_(DATA32 *src __UNUSED__, DATA8 *mask, int src_len if (!mask || !dst) return; if ((src_len < 1) || (dst_len < 1)) return; - if ((src_len > 65535) || (dst_len > 65535)) return; + if ((src_len > SCALE_SIZE_MAX) || (dst_len > SCALE_SIZE_MAX)) return; if (mul_col != 0xffffffff) mul = 1; if (dir < 0) @@ -483,7 +483,7 @@ evas_common_scale_hsva_span(DATA32 *src, DATA8 *mask __UNUSED__, int src_len, DA if (!src || !dst) return; if ((src_len < 1) || (dst_len < 1)) return; - if ((src_len > 65535) || (dst_len > 65535)) return; + if ((src_len > SCALE_SIZE_MAX) || (dst_len > SCALE_SIZE_MAX)) return; if (mul_col != 0xffffffff) mul = 1; if (dir < 0) @@ -566,7 +566,7 @@ evas_common_scale_hsva_a8_span(DATA32 *src, DATA8 *mask, int src_len, DATA32 mul if (!src || !mask || !dst) return; if ((src_len < 1) || (dst_len < 1)) return; - if ((src_len > 65535) || (dst_len > 65535)) return; + if ((src_len > SCALE_SIZE_MAX) || (dst_len > SCALE_SIZE_MAX)) return; if (mul_col != 0xffffffff) mul = 1; if (dir < 0) diff --git a/src/lib/include/evas_common.h b/src/lib/include/evas_common.h index 08f91f2..5395451 100644 --- a/src/lib/include/evas_common.h +++ b/src/lib/include/evas_common.h @@ -1140,6 +1140,8 @@ struct _Convert_Pal /*****************************************************************************/ +#define SCALE_SIZE_MAX ((1 << 15) - 1) + #ifdef __cplusplus extern "C" { #endif -- 2.7.4