[PATCH] exa: only draw valid trapezoids
Daniel Martin
consume.noise at gmail.com
Thu Feb 20 07:46:21 PST 2014
This one didn't found its way into the server, though it has a pending CVE.
Is it invalid due to the fix in pixman?
On 2 October 2013 15:47, Maarten Lankhorst
<maarten.lankhorst at canonical.com> wrote:
> Fixes freedesktop.org bug https://bugs.freedesktop.org/show_bug.cgi?id=67484
>
> If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly.
> A similar fix should also be applied to pixman.
>
> Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
> ---
> diff --git a/exa/exa_render.c b/exa/exa_render.c
> index 172e2b5..807eeba 100644
> --- a/exa/exa_render.c
> +++ b/exa/exa_render.c
> @@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
>
> exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
> for (; ntrap; ntrap--, traps++)
> - (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
> + if (xTrapezoidValid(traps))
> + (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
> exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
>
> xRel = bounds.x1 + xSrc - xDst;
> diff --git a/render/picture.h b/render/picture.h
> index c85353a..fcd6401 100644
> --- a/render/picture.h
> +++ b/render/picture.h
> @@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
> /* whether 't' is a well defined not obviously empty trapezoid */
> #define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
> (t)->right.p1.y != (t)->right.p2.y && \
> - (int) ((t)->bottom - (t)->top) > 0)
> + ((t)->bottom > (t)->top))
>
> /*
> * Standard NTSC luminance conversions:
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
More information about the xorg-devel
mailing list