From 416bcdb1ac44f5748b2865ab2b81a6987fc2e275 Mon Sep 17 00:00:00 2001 From: "donal.k.fellows@manchester.ac.uk" Date: Mon, 9 Feb 2004 14:48:20 +0000 Subject: Stop crashes when copying a large photo to itself causes resizing. [Bug 877950] --- ChangeLog | 7 +++++++ generic/tkImgPhoto.c | 8 +++++++- tests/imgPhoto.test | 10 +++++++++- 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 80d1569..0f5800c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2004-02-09 Donal K. Fellows + + * generic/tkImgPhoto.c (Tk_PhotoPutBlock, Tk_PhotoPutZoomedBlock): + * tests/imgPhoto.test (imgPhoto-16.1): Better handling of the case + when copying from one area of a photo to another triggers a + resizing of the image. [Bug 877950] + 2004-02-07 David Gravereaux * win/makefile.vc: diff --git a/generic/tkImgPhoto.c b/generic/tkImgPhoto.c index 3b3574e..d5bf02d 100644 --- a/generic/tkImgPhoto.c +++ b/generic/tkImgPhoto.c @@ -17,7 +17,7 @@ * Department of Computer Science, * Australian National University. * - * RCS: @(#) $Id: tkImgPhoto.c,v 1.43 2004/01/13 02:06:00 davygrvy Exp $ + * RCS: @(#) $Id: tkImgPhoto.c,v 1.44 2004/02/09 14:48:20 dkf Exp $ */ #include "tkInt.h" @@ -4291,6 +4291,7 @@ Tk_PhotoPutBlock(interp, handle, blockPtr, x, y, width, height, compRule) xEnd = x + width; yEnd = y + height; if ((xEnd > masterPtr->width) || (yEnd > masterPtr->height)) { + int sameSrc = (blockPtr->pixelPtr == masterPtr->pix32); if (ImgPhotoSetSize(masterPtr, MAX(xEnd, masterPtr->width), MAX(yEnd, masterPtr->height)) == TCL_ERROR) { if (interp != NULL) { @@ -4300,6 +4301,10 @@ Tk_PhotoPutBlock(interp, handle, blockPtr, x, y, width, height, compRule) } return TCL_ERROR; } + if (sameSrc) { + blockPtr->pixelPtr = masterPtr->pix32; + blockPtr->pitch = masterPtr->width * 4; + } } if ((y < masterPtr->ditherY) || ((y == masterPtr->ditherY) @@ -4610,6 +4615,7 @@ Tk_PhotoPutZoomedBlock(interp, handle, blockPtr, x, y, width, height, } if (sameSrc) { blockPtr->pixelPtr = masterPtr->pix32; + blockPtr->pitch = masterPtr->width * 4; } } diff --git a/tests/imgPhoto.test b/tests/imgPhoto.test index 4a5eead..fe8228d 100644 --- a/tests/imgPhoto.test +++ b/tests/imgPhoto.test @@ -9,7 +9,7 @@ # # Author: Paul Mackerras (paulus@cs.anu.edu.au) # -# RCS: @(#) $Id: imgPhoto.test,v 1.16 2003/04/01 21:06:37 dgp Exp $ +# RCS: @(#) $Id: imgPhoto.test,v 1.17 2004/02/09 14:48:20 dkf Exp $ package require tcltest 2.1 eval tcltest::configure $argv @@ -655,6 +655,14 @@ test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ list [catch {image create photo -width 32000 -height 32000} msg] $msg } {1 {not enough free memory for image buffer}} +test imgPhoto-16.1 {copying to self doesn't access freed memory} { + # Bug 877950 makes this crash when trying to copy out of a deallocated area + set photo [image create photo] + $i put red -to 0 0 1000 1000 + $i copy $i -from 0 0 1000 1000 -to 500 0 + image delete $i +} {} + destroy .c eval image delete [image names] -- cgit v0.12