network/krfb
network/krfb
1
0
Fork 0
mirror of https://invent.kde.org/network/krfb synced 2024-07-01 07:24:29 +00:00
Code Issues Projects Releases Wiki Activity

Fix crash when the destination stride != source stride

Browse Source 
When we allocate the locally mapped texture size, use the announced
stride (aka bytes per line) instead of the texture width. Otherwise we
might overflow and crash eventually.

BUG: 438815
This commit is contained in:
Aleix Pol 2021-06-17 21:03:56 +02:00
parent 073cec3dc3
commit b8f972d59e
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
framebuffers/pipewire/pw_framebuffer.cpp
View File

@ -649,6 +649,7 @@ void PWFrameBuffer::Private::handleFrame(pw_buffer *pwBuffer)
}
std::function<void()> cleanup;
const qint64 srcStride = spaBuffer->datas[0].chunk->stride;
if (spaBuffer->datas->type == SPA_DATA_MemFd) {
uint8_t *map = static_cast<uint8_t*>(mmap(
nullptr, spaBuffer->datas->maxsize + spaBuffer->datas->mapoffset,
@ -704,7 +705,7 @@ void PWFrameBuffer::Private::handleFrame(pw_buffer *pwBuffer)
glBindTexture(GL_TEXTURE_2D, texture);
glEGLImageTargetTexture2DOES(GL_TEXTURE_2D, image);
src = static_cast<uint8_t*>(malloc(streamSize.width() * streamSize.height() * BYTES_PER_PIXEL));
src = static_cast<uint8_t*>(malloc(srcStride * streamSize.height()));
GLenum glFormat = GL_BGRA;
switch (videoFormat->format) {
@ -792,7 +793,7 @@ void PWFrameBuffer::Private::handleFrame(pw_buffer *pwBuffer)
}
const qint32 dstStride = videoSize.width() * BYTES_PER_PIXEL;
const qint32 srcStride = spaBuffer->datas[0].chunk->stride;
Q_ASSERT(dstStride <= srcStride);
if (!videoFullHeight && (videoMetadata->region.position.y + videoSize.height() <= streamSize.height())) {
src += srcStride * videoMetadata->region.position.y;