koffice/krita/image
Cyrille Berger
cberger at cberger.net
Mon Dec 28 12:02:52 CET 2009
Hi,
I am not sure if I get the problem, but if the dataRect is invalid or empty,
then no convolution should happen, and the correct way is to return. Or am I
missing something?
On Sunday 27 December 2009, Dmitry Kazakov wrote:
> SVN commit 1066740 by dkazakov:
>
> Workaround for consequent convolutions crash
>
>
> FIXME: Implementation can return empty destination device
> on faults and has no way to report this. This will cause a crash
> on sequential convolutions inside iterators.
>
> o implementation should do its work or assert otherwise
> (or report the issue somehow)
> o check other cases of the switch for the vulnerability
>
> CCBUG:220310
> CCMAIL:cberger at cberger.net
>
>
> M +13 -1 kis_convolution_painter.cc
>
>
> --- trunk/koffice/krita/image/kis_convolution_painter.cc #1066739:1066740
> @@ -82,7 +82,19 @@
> switch (borderOp) {
> case BORDER_REPEAT: {
> QRect dataRect = src->exactBounds();
> - applyMatrixImpl<RepeatIteratorFactory>(kernel, src, srcPos,
> dstPos, areaSize, dataRect); +
> + /**
> + * FIXME: Implementation can return empty destination device
> + * on faults and has no way to report this. This will cause a
> crash + * on sequential convolutions inside iteratiors.
> + *
> + * o implementation should do it's work or assert otherwise
> + * (or report the issue somehow)
> + * o check other cases of the switch for the vulnerability
> + */
> +
> + if(dataRect.isValid())
> + applyMatrixImpl<RepeatIteratorFactory>(kernel, src, srcPos,
> dstPos, areaSize, dataRect); }
> return;
> case BORDER_DEFAULT_FILL : {
>
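Review bot: The `if(dataRect.isValid())` guard is placed at the call site in the BORDER_REPEAT case only, so the failure described in the FIXME (an empty destination device with no way to report it) remains reachable from every other caller of applyMatrixImpl, including the other cases of this switch that the comment itself lists as unchecked. Consider moving the validity check to the top of applyMatrixImpl, or giving it a return value that the switch can act on, so that all border modes get the same protection and the skipped convolution is visible to the caller rather than silent. As a style point, the unbraced `if` governs a call that wraps over two lines; braces would make the scope of the guard unambiguous.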
--
Cyrille Berger