From 51e38e69f075d99bbab13d52e3c70840bf341cc4 Mon Sep 17 00:00:00 2001
From: Vito Caputo
Date: Mon, 2 May 2022 09:52:55 -0700
Subject: modules/submit: fix bilerp mode out-of-bounds access
Found via -fsanitize=address, this is a quick and dirty way to prevent the OOB access without adding more conditionals, just prevent scaling the fragment dimensions to the full grid dimensions. This could be done better by reworking things a bit and putting zero at the center of the grid with a -1..+1 mapping, so rounding towards zero would land in the middle as opposed to off the start, with the existing .5f offset. But for now just fix the bug, nobody will notice the slight LCD overscan-style difference of bilerp=on vs. off due to this way.
---
 src/modules/submit/submit.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/modules/submit/submit.c b/src/modules/submit/submit.c
index 1f3a2ae..af2d044 100644
--- a/src/modules/submit/submit.c
+++ b/src/modules/submit/submit.c
@@ -208,15 +208,15 @@ static void draw_grid(submit_context_t *ctxt, til_fb_fragment_t *fragment)
 static void draw_grid_bilerp(submit_context_t *ctxt, til_fb_fragment_t *fragment)
 {
- float xscale = ((float)GRID_SIZE - 1.f) / (float)fragment->frame_width;
- float yscale = ((float)GRID_SIZE - 1.f) / (float)fragment->frame_height;
+ float xscale = ((float)GRID_SIZE - 2.f) / (float)fragment->frame_width;
+ float yscale = ((float)GRID_SIZE - 2.f) / (float)fragment->frame_height;
 for (int y = 0; y < fragment->height; y++) {
 for (int x = 0; x < fragment->width; x++) {
 uint32_t color;
 /* TODO: this could be optimized a bit! i.e. don't recompute the y for every x etc. */
- color = sample_grid_bilerp(ctxt, .5f + ((float)(fragment->x + x)) * xscale, .5f + ((float)(fragment->y + y)) * yscale);
+ color = sample_grid_bilerp(ctxt, 1.f + ((float)(fragment->x + x)) * xscale, 1.f + ((float)(fragment->y + y)) * yscale);
 til_fb_fragment_put_pixel_unchecked(fragment, 0, fragment->x + x, fragment->y + y, color);
 }
 }
--
cgit v1.2.1
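Review bot: Nothing at the `xscale`/`yscale` lines records that the `- 2.f` and `1.f` constants are what keep the coordinates handed to sample_grid_bilerp() inside the grid, so a later tweak to either one can silently bring back the out-of-bounds read that only ASan caught. I would add a comment above the two scale lines, for example `/* map the frame onto [1, GRID_SIZE - 1) so bilerp's neighbouring-cell reads stay in bounds */`, and a debug-build assertion on the computed sample coordinates just before the call. sample_grid_bilerp() lies outside this hunk, so which neighbouring cells it reads is inferred from the commit message, and the interval should be confirmed against its indexing. The pixel write uses the `_unchecked` variant and the sampler apparently does no clamping of its own, which leaves this mapping as the only guard on both accesses.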