koffice/krita/image

Dmitry Kazakov dimula73 at gmail.com
Mon Dec 28 16:57:56 CET 2009


On Mon, Dec 28, 2009 at 2:02 PM, Cyrille Berger <cberger at cberger.net> wrote:

> Hi,
>
> I am not sure if I get the problem, but if the dataRect is invalid or
> empty,
> then no convolution should happen, and the correct way is to return. Or am
> I
> missing something ?
>

Without workaround: if dataRect is empty or invalid applyMatrix simply
crashes inside iterators.
The problem is applyMatrix does NOT guarantee successful execution and does
not report any fails, so it prepares bad dataRects for itself during
consecutive execution. In addition it has quite strange checks inside those
lead to fail when everything is ok, i mean

if (areaSize.width() < kw || areaSize.height() < kh || ...) return;


To ensure we don't forget about this i added a ticket:
https://bugs.kde.org/show_bug.cgi?id=220310


>
>
> On Sunday 27 December 2009, Dmitry Kazakov wrote:
> > SVN commit 1066740 by dkazakov:
> >
> > Workaround for consequent convolutions crash
> >
> >
> > FIXME: Implementation can return empty destination device
> > on faults and has no way to report this. This will cause a crash
> > on sequential convolutions inside iteratiors.
> >
> > o implementation should do it's work or assert otherwise
> >   (or report the issue somehow)
> > o check other cases of the switch for the vulnerability
> >
> > CCBUG:220310
> > CCMAIL:cberger at cberger.net <CCMAIL%3Acberger at cberger.net>
> >
> >
> >  M  +13 -1     kis_convolution_painter.cc
> >
> >
> > --- trunk/koffice/krita/image/kis_convolution_painter.cc #1066739:1066740
> > @@ -82,7 +82,19 @@
> >      switch (borderOp) {
> >      case BORDER_REPEAT: {
> >          QRect dataRect = src->exactBounds();
> > -        applyMatrixImpl<RepeatIteratorFactory>(kernel, src, srcPos,
> >  dstPos, areaSize, dataRect); +
> > +        /**
> > +         * FIXME: Implementation can return empty destination device
> > +         * on faults and has no way to report this. This will cause a
> >  crash +         * on sequential convolutions inside iteratiors.
> > +         *
> > +         * o implementation should do it's work or assert otherwise
> > +         *   (or report the issue somehow)
> > +         * o check other cases of the switch for the vulnerability
> > +         */
> > +
> > +        if(dataRect.isValid())
> > +            applyMatrixImpl<RepeatIteratorFactory>(kernel, src, srcPos,
> >  dstPos, areaSize, dataRect); }
> >      return;
> >      case BORDER_DEFAULT_FILL : {
> >
>
>
> --
> Cyrille Berger
>



-- 
Dmitry Kazakov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kimageshop/attachments/20091228/83fdc6d6/attachment.htm 


More information about the kimageshop mailing list