From 5e1a7db351894f12bed8acd58aa4d95b72548532 Mon Sep 17 00:00:00 2001 From: dkf Date: Mon, 9 Feb 2004 14:40:30 +0000 Subject: Stop crashes when copying a large photo to itself causes resizing. [Bug 877950] --- ChangeLog | 7 +++++++ generic/tkImgPhoto.c | 9 ++++++++- tests/imgPhoto.test | 10 +++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49130e0..96b10a2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2004-02-09 Donal K. Fellows + + * generic/tkImgPhoto.c (Tk_PhotoPutBlock, Tk_PhotoPutZoomedBlock): + * tests/imgPhoto.test (imgPhoto-16.1): Better handling of the case + when copying from one area of a photo to another triggers a + resizing of the image. [Bug 877950] + 2004-02-03 Jeff Hobbs * library/menu.tcl (::tk::MbPost): make menubuttons that post diff --git a/generic/tkImgPhoto.c b/generic/tkImgPhoto.c index 5bec1a6..d525660 100644 --- a/generic/tkImgPhoto.c +++ b/generic/tkImgPhoto.c @@ -17,7 +17,7 @@ * Department of Computer Science, * Australian National University. * - * RCS: @(#) $Id: tkImgPhoto.c,v 1.36.2.3 2003/11/11 00:05:19 hobbs Exp $ + * RCS: @(#) $Id: tkImgPhoto.c,v 1.36.2.4 2004/02/09 14:40:31 dkf Exp $ */ #include "tkInt.h" @@ -4263,12 +4263,18 @@ Tk_PhotoPutBlock(handle, blockPtr, x, y, width, height, compRule) xEnd = x + width; yEnd = y + height; if ((xEnd > masterPtr->width) || (yEnd > masterPtr->height)) { + int sameSrc = (blockPtr->pixelPtr == masterPtr->pix32); if (ImgPhotoSetSize(masterPtr, MAX(xEnd, masterPtr->width), MAX(yEnd, masterPtr->height)) == TCL_ERROR) { panic(TK_PHOTO_ALLOC_FAILURE_MESSAGE); } + if (sameSrc) { + blockPtr->pixelPtr = masterPtr->pix32; + blockPtr->pitch = masterPtr->width * 4; + } } + if ((y < masterPtr->ditherY) || ((y == masterPtr->ditherY) && (x < masterPtr->ditherX))) { /* @@ -4569,6 +4575,7 @@ Tk_PhotoPutZoomedBlock(handle, blockPtr, x, y, width, height, zoomX, zoomY, } if (sameSrc) { blockPtr->pixelPtr = masterPtr->pix32; + blockPtr->pitch = masterPtr->width * 4; } } diff --git a/tests/imgPhoto.test b/tests/imgPhoto.test index e2b4468..72724d3 100644 --- a/tests/imgPhoto.test +++ b/tests/imgPhoto.test @@ -9,7 +9,7 @@ # # Author: Paul Mackerras (paulus@cs.anu.edu.au) # -# RCS: @(#) $Id: imgPhoto.test,v 1.15 2002/10/18 00:48:22 hobbs Exp $ +# RCS: @(#) $Id: imgPhoto.test,v 1.15.2.1 2004/02/09 14:40:31 dkf Exp $ package require tcltest 2.1 namespace import -force tcltest::configure @@ -661,6 +661,14 @@ test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ list [catch {image create photo -width 32000 -height 32000} msg] $msg } {1 {not enough free memory for image buffer}} +test imgPhoto-16.1 {copying to self doesn't access freed memory} { + # Bug 877950 makes this crash when trying to copy out of a deallocated area + set photo [image create photo] + $i put red -to 0 0 1000 1000 + $i copy $i -from 0 0 1000 1000 -to 500 0 + image delete $i +} {} + destroy .c eval image delete [image names] -- cgit v0.12