summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-09-05modules/roto: move tables init to context createVito Caputo
Mechanical rearrangement, but ultimately there probably needs to be an initialize function added to til_module_t. With all the threading chaos going on, this approach to implicit initialization with a static flag is racy without using atomics. For now it's probably marginally better to do this in context create vs. prepare frame. Context creates *tend* to happen in single-threaded phases of execution, and infrequently. Prepare frame is a serialized phase of the rendering for a given context, but there can be many contexts in-flight simultaneously now with all the forms of compositing happening, sometimes from multiple threads. So that assumption no longer holds...
2022-09-05modules/blinds: use til_ticks_to_rads(ticks)Vito Caputo
This gets rid of the static accumulator hack used for the blinds phase.
2022-09-05til_util: add helper for turning ticks into radiansVito Caputo
There's still a handful of modules doing ad-hoc radians accumulation in a static variable by simply adding a small value like .01 every render. This worked OK in the early days when 1. no rototiller instance was ever run long enough for that accumulator to become a large value where floating point precision started rearing its ugly head. and 2. rototiller never really drew the same module multiple times in compositing a frame. Now that rototiller can produce some rather interesting outputs the first assumption isn't really true - I've fixed memory leaks to enable long-running sessions, so these potential precision problems should get dealth with. And with rtv+compose/checkers+fill_module it's quite common to have a module rendering things many times in a single frame. So that previously tolerable laziness of using a static accumulator is no longer acceptable, since every invocation of the module's renderer would bump the accumulator. When you have something like checkers using blinds for the filler, every individual cell is unintentionally advancing the blinds when they're intended to be at the same phase. So this helper is being added to conveniently turn ticks into something you'd pass directly into cosf/sinf without worrying about precision issues. Future commits will start bringing modules over to use this helper instead of whatever they're doing with static variables or in-context accumulators etc. There's also another reason to prefer deriving "T" from ticks on every frame; we can do things like fast-forward/rewind effects on modules by manipulating the ticks input value. If the modules are accumulating this state privately, manipulating ticks won't have the intended effect. Of course not all modules are amenable to this kind of thing, stuff like swarm and sparkler where they do a sort of simulation contain a pile of state that isn't ticks-derived on every frame and can't really be converted to do so.
2022-09-04modules/strobe: add rudimentary strobe light moduleVito Caputo
After reading about the Dreamachine[0], I wanted to experience this phenomenon. The javascript-based web implementations struggled to hold a steady 10Hz rate and would flicker like crazy, so here we are. Only setting right now is period=float_seconds, defaults to .1 for 10Hz. One limitation in the current implementation is when the frame rate can't keep up with the period the strobe will just stick on without ever going off, because the period will always be expired. There should probably be a setting to force turning off for at least one frame when it can't keep up. [0] https://en.wikipedia.org/wiki/Dreamachine
2022-09-04til: fixup til_fb_fragment_t.texture fragmentingVito Caputo
Until now when fragmenting with a texture present the texture pointer was simply copied through to the new logical fragment. The problem with that is when sampling pixels from the texture in a nested frame scenario, the locations didn't align with the placement of the logical fragment. With this change when the incoming fragment has a texture, the output fragment gets some uninitialized memory attached in the outgoing fragment's texture pointer. Then the fragmenter is expected to do the same populating of res_fragment->texture it already did for res_fragment, just relative to fragment->texture->{buf,stride,pitch} etc. It's a bit hairy/janky because til_fb_fragment_t.texture is just a pointer to another til_fb_fragment_t. So the ephemeral/logical fragments fragmenting/tiling produces which tend to just be sitting on the stack need to get another til_fb_fragment_t instance somewhere and made available at the ephemeral til_fb_fragment_t's .texture member. We don't want to be allocating and freeing these things constantly, so for now I'm just ad-hoc stowing the pointer of an adjacent on-stack texture fragment in the .texture member when the incoming fragment has a texture. But this is gross because the rest of the fragment contents don't get initialized _at_all_, and currently if the incoming fragment has no texture the res_fragment->texture member isn't even initialized. The fragmenters aren't really supposed to be expecting anything sensible in *res_fragment, but now we're making use of res_fragment->texture *if* fragment->texture is set. This is just gross. So there's a bunch of asserts sprinkled around to help police this fragility for now, but if someone writes new fragmenters there's a good chance this will trip them up.
2022-08-11modules/plato: add some rudimentary settingsVito Caputo
Just looking to spice up plato a bit. It seems to make a lot of appearances in rtv, or is just one of those highly visible things when it's participating. Way too monotonous as-is.
2022-08-07modules/compose: add moire as a texture moduleVito Caputo
moire makes for an interesting texture, esp. mixed with itself: --seed=0x62f00a7b --module=compose,layers=julia:moire:drizzle,texture=moire
2022-08-07main: still show configured flags with --goVito Caputo
Show the info, but skip the wait step.
2022-08-07modules/drizzle: add a mapped overlay styleVito Caputo
this introduces a style= setting with values: style=mask simple alpha mask overlay style=map displacement mapped overlay I might add a lighting option for the style=map mode with a moving light source or something like that, but it's already pretty slow as-is. This is mostly just for more testing of the snapshotting, but there's some interesting compositions enabled like: module=compose,layers=submit:moire:drizzle or just moire:drizzle, when style=map happens.
2022-08-07modules/drizzle: experimenting with the new snapshottingVito Caputo
This arguably doesn't require snapshotting to work, since it's doing a rudimentary in-place single pixel alpha-blended replacement using a single pixel at the same location. But the moment it startus using multiple adjacent super-samples, the snapshot becomes necessary. If it gets further complicated with displacements and maybe bump-mapping or something, then the samples can become quite distant from the pixel being written, spreading out into neighboring fragments being rendered simultaneously etc. These are all cause for snapshotting... For now though it's a very simple implementation that at least makes drizzle overlayable, while also providing a smoke test for the new snapshotting functionality.
2022-08-07til: experimentally fragment-centric page apiVito Caputo
It seems like it might be most ergonomic and convenient for everything to just use til_fb_fragment_t and rely on ops.submit to determine if the fragment is a page or not, and if it is how to submit it. This commit brings things into that state of the world, it feels kind of gross at the til_fb_page_*() API. See the large comment in til_fb.c added by this commit for more information. I'm probably going to just run with this for now, it can always get cleaned up later. What's important is to get the general snapshotting concept and functionality in place so modules can make use of it. There will always be things to cleanup in this messy tangle of a program.
2022-08-07til: til_fb_fragment_t **fragment_ptr all the thingsVito Caputo
Preparatory commit for enabling cloneable/swappable fragments There's an outstanding issue with the til_fb_page_t submission, see comments. Doesn't matter for now since cloning doesn't happen yet, but will need to be addressed before they do.
2022-08-07til_fb: introduce til_fb_fragment_t.opsVito Caputo
There's a need for the ability to efficiently snapshot fragments via buffer swapping when possible, for modules that want to do overlay effects which sample the input fragment at arbitrary pixels other than the one being written to, while producing output pixels. Without first making a stable snapshot of the input fragment's contents, you can't implement such algorithms because you destroy the input fragment while writing the output pixels. A simple solution would be to just allocate memory and copy the input fragment's contents into the allocation, then sample the copy while writing to the input (now output) fragment's memory. But when the input fragment represents the entire framebuffer page/window, it's technically practical to instead simply swap out the input fragment for a fresh fragment acquired from the framebuffer/window provider. Then just sample from the original fragment while writing to the freshly acquired one now taking the original's place. Simple enough. Except til_fb_fragment_t is also used to describe subfragments within a larger buffer, and these can't be made discontiguous and swapped out. For these fragments there's no escaping the need for a copy to be made of the contents. So there needs to be a way for the fragment itself to furnish an appropriate snapshotting mechanism, and when what the cloning mechanism returns can vary. Depending on the snapshotting mechanism's implementation, there's also a need for the fragment to furnish an appropriate free method. If the snapshot is an entire page from the native video backend, the backend must free it. If it's just libc heap-allocated memory, then a plain old free() suffices. If for some reason the memory can't be freed, then a NULL free() method would be appropriate to simply do nothing. So this commit introduces such free() and snapshot() methods in the form of a til_fb_fragment_ops_t struct. There's no implementations or use of these as of yet, this is purely preparatory. In addition to free() and snapshot(), a submit() method has also been introduced for submitting ready frames to be displayed. Not all fragments may be submitted, only "root" fragments which represent an entire page from the video backend. It's these fragments which will have a non-NULL submit() method, which the video backend will have initialized appropriately in returning the page's root fragment. This is a preparatory change in anticipation of removing the til_fb_page_t type altogether, replacing it with a simple til_fb_fragment_t having the ops.submit() method set.
2022-07-27setup: don't spin on EOF in setup_interactively()Vito Caputo
If you hit ^D during interactive setup it'd send things infinitely spinning. This commit treats eof when expecting more input as -EIO and simply gives up. Which I imagine technically means it's possible to terminate the last interactive question with EOF/^D instead of newline and have it work, since we only check it before the fgets() used to get more input.
2022-07-24modules/checkers: center unaligned checkers scenariosVito Caputo
This introduces a bespoke fragmenter for checkers. The generic til_fb tiler isn't concerned with aesthetics so it doesn't particularly care if clipped tiles are asymmetrically distributed. It worked fine to get checkers developed and working, but it's really unattractive to have the whole be off-centered when the checkers don't perfectly align with the frame size. There's some gross aspects like leaving the frame_{width,height} to be corrected at render time so render_fragment can access the incoming frame_width for cell state determination.
2022-07-24modules/plato: scale to frame sizeVito Caputo
quick and dirty fixup for proper use as checkers fill_module= note this thing already relies on _checked() put_pixel variant
2022-07-24modules/stars: more fast and nasty fragment clip to frame fixesVito Caputo
s/unchecked/checked/ and use frame dimensions, probably more fixes needed but this prevents crashing as checkers fill_module= at least.
2022-07-24modules/spiro: fast and dirty frame clipping fixupVito Caputo
Sorry but more s/unchecked/checked/ and now this seems to not crash when used as a checkers fill_module.
2022-07-24modules/shapes: fix up clipped fragment/frameVito Caputo
This is a first approximation of correct handling of arbitrarily clipped frames described by the incoming fragment. It's still relying on the _checked() put_pixel variants for clipping. That should probably be improved by constraining the loops to the clipped fragment edges.
2022-07-21til: simplify and clarify module_render_fragment()Vito Caputo
This consolidates the prepare_frame+render_fragment potentially-threaded branch but more importantly introduces some asserts codifying the whole prepare_frame() must return a fragmenter /and/ be accompanied by a render_fragment(). Any single-threaded modules are expected to just populate render_fragment() and leave prepare_frame() unused.
2022-07-21modules/{compose,rtv}: s/prepare_frame/render_fragment/Vito Caputo
These modules have been doing their work in prepare_frame(), but aren't actually threaded modules and don't return a frame plan from prepare_frame() nor do they provide a render_fragment() to complement the prepare_frame(). The convention thus far has been that single-threaded modules just provide a render_fragment and by not providing a prepare_frame they will be executed serially. These two modules break the contract in a sense by using prepare_frame() without following up with render_fragment(). I'm not sure why it happened that way, maybe at one time prepare_frame() had access to some things that render_fragment() didn't. In any case, just make these use render_fragment() like any other simple non-threaded module would. This was actually causing a crash when n_cpus=1 because module_render_fragment() was assuming the prepare_frame() branch would include a render_fragment(). It should probably be asserting as such.
2022-07-20til_settings: support rudimentary =value escapingVito Caputo
This is a step towards properly handling nested settings, so we can do stuff like: --module=rtv,channels=compose\,layers=checkers\\\,fill_module=shapes\\\,size=64\,texture=plasma and have rtv actually cycle through just compose with checkers+plasma layers but holding the specified checkers settings to shapes filler with a size of 64, randomizing the rest. There's more work to do before that can actually happen, but first thing is to just support escaping the settings values.
2022-07-20modules/pixbounce: s/rand/rand_r/Vito Caputo
Wire up seed via til_module_context.seed in the obvious manner, minimal change to the code, no functional difference besides giving pixbounces instances an isolated random seed state.
2022-07-20modules/meta2d: more rand()->rand_r() conversionsVito Caputo
Normalized all the randomizers to use til_module_context.seed while in here.
2022-07-20libs/sig: add blurb comment about need for seedVito Caputo
Nothing uses libs/sig yet, but this will probably become an issue once that changes.
2022-07-20modules/checkers: one more rand/rand_r conversionVito Caputo
wired up to til_module_context.seed
2022-07-20modules/sparkler: s/rand/rand_r/ and wire up seedVito Caputo
This is a little contorted but not too bad. The input to particles_new() is just a const conf struct, so instead of passing in the seed value for particles_t to contain, a pointer to where the seed lives is passed in via the conf. This requires the caller to persist a seed somewhere outside the particles instance, but at least in rototiller we already have that conveniently in til_module_context_t.
2022-07-20modules/drizzle: switch to rand_r w/local seedVito Caputo
More obvious migrations to using the supplied seed
2022-07-20libs/din: pass seed to din_new()Vito Caputo
also update call sites in modules/{meta2d,swab} accordingly
2022-07-20modules/submit: wire up seed to randomizersVito Caputo
More plumbing seed to rand in the obvious way...
2022-07-20modules/swarm: wire up seed to various randomizersVito Caputo
Just plumbing seed down in the obvoius manner, this could probably be cleaned up a bit in the future.
2022-07-20main: show --seed with print_setup_as_args()Vito Caputo
The purpose of printing the setup is to enable reproducing it, the seed is part of that reconstruction - especially when it's been autogenerated.
2022-07-20modules/flui2d: fix clockstep value to match defaultVito Caputo
Due to how the values get matched as strings this extraneous 0 was interfering with FLUI2D_DEFAULT_CLOCKSTEP actually matching anything.
2022-07-18modules/rtv: s/rand/rand_r/Vito Caputo
just fixing up some vestigial rand() invocations to use the seed
2022-07-18til: wire seed up to til randomizersVito Caputo
til_setting_desc_t.random() and til_module_randomize_setup() now take seeds. Note they are not taking a pointer to a shared seed, but instead receive the seed by value. If a caller wishes the seed to evolve on every invocation into these functions, it should simply insert a rand_r(&seed) in producing the supplied seed value. Within a given randomizer, the seed evolves when appropriate. But isolating the effects by default seems appropriate, so callers can easily have determinism within their respective scope regardless of how much nested random use occurs.
2022-07-18til_args: add --seed= explicit PRNG seeding supportVito Caputo
This enables reproducible yet pseudo-randomized visuals, at least for the fully procedural modules. The modules that are more simulation-y like sparkler and swarm will still have runtime variations since they are dependent on how much the simulation can run and there's been a lot of sloppiness surrounding delta-t correctness and such. But still, in a general sense, you'll find more or less similar results even when doing randomized things like module=rtv,channels=compose using the same seed value. For the moment it only accepts a hexadecimal value, the leading 0x is optional. e.g. these are all valid: --seed=0xdeadbeef --seed=0xdEAdBeFf --seed=0x (produces 0) --seed=0xff --seed=deadbeef --seed=ff --seed= (produces 0) --seed=0 (produces 0) when you exceed the natural word size of an unsigned int on your host architecture, an overflow error will be returned. there are remaining issues to be fixed surrounding PRNG reproducibility, in that things like til_module_randomize_setup() doesn't currently accept a seed value. However it doesn't even use rand_r() currently, but when it invokes desc->random() the module's random() implementation should be able to use rand_r() and needs to be fed the seed. So that all still needs wiring up to propagate the root seed down everywhere it may be relevant.
2022-07-15build: always build the rototiller binVito Caputo
Now that there's the mem_fb backend, there's no need to disable producing a rototiller binary in lieu of libdrm and libsdl2. This commit also rejiggers some of the DEFAULT_VIDEO junk in main.c to ensure it falls back on "mem" should there be no drm or sdl2. For now I'm going to leave the AM_CONDITIONAL junk surrounding enabling rototiller in configure.ac, the define can just be ignored for now.
2022-07-15mem_fb: introduce --video=mem; a dummy in-memory video backendVito Caputo
The immediate impetus for adding this is to enable running rototiller even on headless machines just for the sake of getting some FPS measurements. It'd be nice to get a sense for what FPS rototiller would experience on larger modern machines like big EPYC or Threadripper systems. But it seems most of those I can get access to via others running them on work hardware or the like can at most just run it over ssh without any display or risk of disrupting the physical console. But this is probably also useful for testing/debugging purposes, especially since it doesn't bother to synchronize flips on anything not even a timer. So a bunch of display complexity is removed running with video=mem as well as letting the framerate run unbounded. Having said that, it might be nice to add an fps=N setting where mem_fb uses a plain timer for scheduling the flips. Currently the only setting is size=WxH identical to the sdl_fb size= setting, defaulting to 640x480.
2022-07-15til_fb: switch til_fb_ops_t.init() to use til_setup_tVito Caputo
Until now the fb init has been receiving a til_settings_t to access its setup. Now that there's a til_setup_t for representing the fully baked setup, let's bring the fb stuff up to speed so their init() behaves more like til_module_t.create_context() WRT settings/setup. This involves some reworking of how settings are handled in {drm,sdl}_fb.c but nothing majorly different. The only real funcitonal change that happened in the course of this work is I made it possible now to actually instruct SDL to do a more legacy SDL_WINDOW_FULLSCREEN vs. SDL_WINDOW_FULLSCREEN_DESKTOP where SDL will attempt to switch the video mode. This is triggered by specifying both a size=WxH and fullscreen=on for video=sdl. Be careful though, I've observed some broken display states when specifying goofy sizes, which look like Xorg bugs.
2022-06-13modules/sparkler: plug longstanding chunker leakVito Caputo
Once upon a time this thing asserted the pinned chunks were empty, and that code is still sitting there commented out. But when it was commented out ages ago, to enable bulk freeing of chunkers without requiring unrefs of every allocation as an optimization, no code was added to free the pinned chunks. It's been easily ignored all this time since nobody really runs rototiller long enough to notice, but that's becoming less true now with how interesting something like: --module=rtv,layers=compose,duration=1,context_duration=1,snow_module=none is becoming... There are other leaks still, largely surrounding settings, but they are quite small. Eventually those will get tidied up as well.
2022-06-10modules/checkers: experimenting with fill modesVito Caputo
this introduces a color= setting syntax: color=#rrggbb color=0xrrggbb color=rrggbb where rrggbb is case-insensitive html-style hexadecimal also introduces a fill= setting: fill=color fill=sampled fill=textured fill=random fill=mixed sampled draws the color from the incoming fragment when layered, textured draws the pixels from the texture when available, random randomizes the choice from color,sampled,textured. mixed isn't implemented fully and is just aliased to random currently. The thinking for mixed is to allow specifying proportions for color,sampled,textured which would then be applied as weights when randomizing the selection from the three at every filled checker. the current implementation is just calling rand() when randomized, but should really be like the other dynamics in checkers with rate control and hash-based. and introduces a fill_module= setting: this is a first stab at employing other modules for filling the filled cells. Note since checkers is already a threaded module, the fill module context gets created per-cpu but with an n_cpus=1. This is kind of the first time module contexts are being rendered manifold for the same frame, and that's illuminating some shortcomings which needed to be dealt with. Some modules automatically advance a phase/T value on every render which gets persisted in their context struct. With how checkers is using contexts, it's desirable for multiple renders of the same context using the same ticks to produce the same output. So modules need to be more careful about time and determine "dt" (delta-time) values, and animate proportional to ticks elapsed. When ticks doesn't change between renders, dt is zero, and nothing should change. For now this is using a hard-coded list of modules to choose from, you specify the module by name or "none" for no fill_module (solid checker fill). ex: "fill_module=shapes" There's a need for something like fragment color and flag overrides to allow til_module_render() to be treated as more of a brush where the caller gets to specify what colors to use, or if texturing should be allowed. For now, when fill_module=$module is employed, the color determination stuff within checkers doesn't get applied. That will need to be fixed in the future.
2022-06-10til: introduce til_frame_plan_t and .cpu_affinityVito Caputo
modules/checkers w/fill_module=$module requires a consistent mapping of cpu to fragnum since it creates a per-cpu til_module_context_t for the fill_module. The existing implementation for threaded rendering maximizes performance by letting *any* scheduled to run thread advance fragnum atomically and render the acquired fragnum indiscriminately. A side effect of this is any given frame, even rendered by the same module, will have a random mapping of cpus/threads to fragnums. With this change, the simple til_module_t.prepare_frame() API of returning a bare fragmenter function is changed to instead return a "frame plan" in til_frame_plan_t. Right now til_frame_plan_t just contains the same fragmenter as before, but also has a .cpu_affinity member for setting if the frame requires a stable relationship of cpu/thread to fragnum. Setting .cpu_affinity should be avoided if unnecessary, and that is the default if you don't mention .cpu_affinity at all when initializing the plan in the ergonomic manner w/designated initializers. This is because the way .cpu_affinity is implemented will leave threads spinning while they poll for *their* next fragnum using atomic intrinsics. There's probably some room for improvement here, but this is good enough for now to get things working and correct.
2022-06-10modules/roto: drive from ticks, move palette to contetxtVito Caputo
The palette mutates across frames, on a context-specific schedule. Meaning the palette is per-context, so move it into roto_context_t. The phase also needs to be driven by ticks. And when ticks doesn't change in cases where the same context is rendered manifold in the same frame, the phase shouldn't move.
2022-06-10modules/plato: derive movement from delta ticksVito Caputo
This way if a given context gets rendered repeatedly for the same tick, no movement occurs, until ticks changes.
2022-06-10til: add ticks to til_module_context_tVito Caputo
Also wire this up to the til_module_context_new() helper and all its callers. This is in preparation for modules doing more correct delta-T derived animation.
2022-06-10til_threads: remove vestigial n_fragments counterVito Caputo
This is leftover from 4e5286 which was mostly removed when frame zeroing was simplified, but for some reason this was missed. Just get rid of the count as it's not used.
2022-06-10modules/blinds: use til_fb_put_pixel_checked()Vito Caputo
While testing an experimental checkers w/fill_module=blinds with ASAN it became clear this module is making flawed assumptions about fragment->frame_{width,height} and fragment->{width,height} being equal. When used by checkers for filling cells, there are situations where the edge cell fragments need to describe a frame slightly larger than the drawn area, because the cell size doesn't align perfectly to the overall window/screen dimensions. So in these cases the synthesized frame will still be a full cell's dimensions while the width,height serve to clip within that area. If modules aren't properly clipping their rendering, instead just using frame_{width,height}, then they will have to use the _checked() variants to ensure clipping occurs properly on a per-pixel (slower) basis.
2022-06-10modules/montage: minor fixupsVito Caputo
Contexts aren't void* anymore, and free the contexts array too on failure.
2022-06-10modules/montage: remove vestigial unused variableVito Caputo
This initializer could perform an out-of-bounds read since it occurs before the n_modules bounds check. Since the variable isn't even being used anymore just get rid of this. Also found via ASAN.
2022-06-10modules/pixbounce: use til_fb_put_pixel_checked()Vito Caputo
While testing a checkers change that fills cells using other modules, ASAN kept tripping on pixbounce: ==147817==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc78a31c10c at pc 0x55b30cd406e2 bp 0x7fc790afd0d0 sp 0x7fc790afd0c8 WRITE of size 4 at 0x7fc78a31c10c thread T2 #0 0x55b30cd406e1 in til_fb_fragment_put_pixel_unchecked pixbounce.c #1 0x55b30cd3f8ae in pixbounce_render_fragment pixbounce.c #2 0x55b30cd1dffb in module_render_fragment til.c #3 0x55b30cd1d989 in til_module_render (/home/foo/src/rototiller/build/src/rototiller+0x134989) #4 0x55b30cd22534 in checkers_render_fragment checkers.c #5 0x55b30cd14681 in thread_func til_threads.c #6 0x7fc792b3d5c1 in start_thread pthread_create.c #7 0x7fc792bc2583 in __clone (/usr/lib/libc.so.6+0x112583) 0x7fc78a31c10c is located 2276 bytes to the right of 1228840-byte region [0x7fc78a1ef800,0x7fc78a31b828) allocated by thread T0 here: #0 0x55b30cccf219 in __interceptor_malloc (/home/foo/src/rototiller/build/src/rototiller+0xe6219) #1 0x7fc792d0e528 (/usr/lib/libSDL2-2.0.so.0+0x39528) Thread T2 created by T0 here: #0 0x55b30cc3cfa8 in pthread_create (/home/foo/src/rototiller/build/src/rototiller+0x53fa8) #1 0x55b30cd13fff in til_threads_create (/home/foo/src/rototiller/build/src/rototiller+0x12afff) #2 0x55b30cd1d573 in til_init (/home/foo/src/rototiller/build/src/rototiller+0x134573) #3 0x55b30cd08f6c in main (/home/foo/src/rototiller/build/src/rototiller+0x11ff6c) #4 0x7fc792add30f in __libc_start_call_main libc-start.c SUMMARY: AddressSanitizer: heap-buffer-overflow pixbounce.c in til_fb_fragment_put_pixel_unchecked Shadow bytes around the buggy address: 0x0ff97145b7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0ff97145b820: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==147817==ABORTING --- Rather than spend time digging into pixbounce's arithmetic, just using the checked variant for now.
© All Rights Reserved