Jump to content

A couple bugs in the win32 display driver


Recommended Posts

The gdisp_lld_blit_area() function is broken in a few ways, both to do with blits whose source X coordinate is non-zero:

1. The following line is intended to compute the source array for the blit operation, but doesn't take into account the source offset.

buffer += g->p.x2*g->p.y1; 

It should be changed to something like:

buffer += g->p.x2 * g->p.y1 + g->p.x1;

2. Near the bottom of the function, the following code is intended to detect if a rotation has been done (thereby changing the buffer variable from the pixmap base buffer to a freshly allocated, rotated buffer:

buffer = g->p.ptr;
buffer += g->p.x2 * g->p.y1 + g->p.x1;

//STUFF

if (orientation needs to change):
	buffer = rotateimg(g, buffer);

//STUFF

if (buffer != (gPixel *)g->p.ptr)
	free(buffer);

The problem is that after setting buffer to the pixmap base array at the top of the function, it is tweaked by horizontal and vertical offsets to a new value representing the top left of the source image, but is still located in the original pixmap buffer.  This means that if your source x or y offsets are non-zero and rotation is not required, it will erroneously decide that is has rotated the image and needs to free the array, causing a crash (free an invalid memory pointer).  It should be fixed to something more like:

buffer = g->p.ptr;
buffer += g->p.x2 * g->p.y1 + g->p.x1;
bufferBase = buffer;

//STUFF

if (orientation needs to change)
	buffer = rotateimg(g, buffer);

//STUFF

if (bufferBase != buffer)
	free(buffer);

 

Link to post
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...