D11198: [libbreezecommon] add box shadow helper

Vlad Zagorodniy noreply at phabricator.kde.org
Sun Apr 22 11:43:19 UTC 2018 

zzag updated this revision to Diff 32789.
zzag added a comment.


  Fix invalid read of size 1
  
  Valgrind output:
  
    ==8054== Invalid read of size 1
    ==8054==    at 0x1D8818C6: Breeze::BoxShadowHelper::blurAlphaNaivePass(QImage const&, QImage&, QVector<double> const&) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
    ==8054==    by 0x1D8819F3: Breeze::BoxShadowHelper::blurAlphaNaive(QImage&, int) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
    ==8054==    by 0x1D8822DA: Breeze::BoxShadowHelper::boxShadow(QPainter*, QRect const&, QPoint const&, int, QColor const&) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
    ==8054==    by 0x1D60C8CC: Breeze::ShadowHelper::shadowTiles() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D60C341: Breeze::ShadowHelper::loadConfig() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D618B51: Breeze::Style::loadConfiguration() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D613D3E: Breeze::Style::Style() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D63C52F: Breeze::StylePlugin::create(QString const&) (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x7B18B62: QStyleFactory::create(QString const&) (in /usr/lib/libQt5Widgets.so.5.10.1)
    ==8054==    by 0x7AABA9B: QApplication::style() (in /usr/lib/libQt5Widgets.so.5.10.1)
    ==8054==    by 0x7AABDF5: QApplicationPrivate::initialize() (in /usr/lib/libQt5Widgets.so.5.10.1)
    ==8054==    by 0x7AABE5A: QApplicationPrivate::init() (in /usr/lib/libQt5Widgets.so.5.10.1)
    ==8054==  Address 0x16b332f7 is 3 bytes after a block of size 19,044 alloc'd
    ==8054==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
    ==8054==    by 0x82FDEDA: QImageData::create(QSize const&, QImage::Format) (in /usr/lib/libQt5Gui.so.5.10.1)
    ==8054==    by 0x82FE06C: QImage::QImage(QSize const&, QImage::Format) (in /usr/lib/libQt5Gui.so.5.10.1)
    ==8054==    by 0x82FE0A5: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQt5Gui.so.5.10.1)
    ==8054==    by 0x1D8819C5: Breeze::BoxShadowHelper::blurAlphaNaive(QImage&, int) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
    ==8054==    by 0x1D8822DA: Breeze::BoxShadowHelper::boxShadow(QPainter*, QRect const&, QPoint const&, int, QColor const&) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
    ==8054==    by 0x1D60C8CC: Breeze::ShadowHelper::shadowTiles() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D60C341: Breeze::ShadowHelper::loadConfig() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D618B51: Breeze::Style::loadConfiguration() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D613D3E: Breeze::Style::Style() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x1D63C52F: Breeze::StylePlugin::create(QString const&) (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
    ==8054==    by 0x7B18B62: QStyleFactory::create(QString const&) (in /usr/lib/libQt5Widgets.so.5.10.1)
  
  The reason: I forgot that the kernel is of size `2 * radius + 1` so when blurAlphaNaivePass 
  convolving near ends it doesn't take 1 into account. Overall, fix looks like this
  
    diff --git a/libbreezecommon/breezeboxshadowhelper.cpp b/libbreezecommon/breezeboxshadowhelper.cpp
    index 625cb26a..17d18ecd 100644
    --- a/libbreezecommon/breezeboxshadowhelper.cpp
    +++ b/libbreezecommon/breezeboxshadowhelper.cpp
    @@ -118,7 +118,7 @@ void blurAlphaNaivePass(const QImage &src, QImage &dst, const QVector<qreal> &ke
             }
    
             for (int x = src.width() - radius; x < src.width(); x++) {
    -            const uchar *window = in + (x - radius) * alphaStride;
    +            const uchar *window = in + (x - radius - 1) * alphaStride;
                 qreal alpha = 0;
                 const int outside = x + radius - src.width();
                 for (int k = 0; k < kernel.size() - outside; k++) {

REPOSITORY
  R31 Breeze

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D11198?vs=31846&id=32789

BRANCH
  arcpatch-D11198

REVISION DETAIL
  https://phabricator.kde.org/D11198

AFFECTED FILES
  CMakeLists.txt
  cmake/Modules/FindFFTW.cmake
  kstyle/CMakeLists.txt
  libbreezecommon/CMakeLists.txt
  libbreezecommon/breezeboxshadowhelper.cpp
  libbreezecommon/breezeboxshadowhelper.h
  libbreezecommon/config-breezecommon.h.cmake

To: zzag, #breeze, #vdg, hpereiradacosta
Cc: broulik, abetts, plasma-devel, ragreen, Pitel, ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, sebas, apol, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20180422/8824a7da/attachment.html>

More information about the Plasma-devel mailing list