mirror of
https://github.com/SerenityOS/serenity
synced 2024-07-21 10:05:32 +00:00
LibGfx: Fix dynamic bitmasks in BMPs
I overlooked a corner case where we might call the built-in ctz() on zero.
Furthermore, the calculation of the shift was wrong and the results were often
unusable.
Both issue were caused by a forgotten 36daeee34f
.
This time I made sure to look at bmpsuite_files first, and now they look good.
Found by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28985
This commit is contained in:
parent
648f153951
commit
4332dfb964
|
@ -81,9 +81,16 @@ ALWAYS_INLINE int count_trailing_zeroes_32(unsigned int val)
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
ALWAYS_INLINE int count_trailing_zeroes_32_safe(unsigned int val)
|
||||||
|
{
|
||||||
|
if (val == 0)
|
||||||
|
return 32;
|
||||||
|
return count_trailing_zeroes_32(val);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef AK_OS_BSD_GENERIC
|
#ifdef AK_OS_BSD_GENERIC
|
||||||
# define CLOCK_MONOTONIC_COARSE CLOCK_MONOTONIC
|
# define CLOCK_MONOTONIC_COARSE CLOCK_MONOTONIC
|
||||||
# define CLOCK_REALTIME_COARSE CLOCK_REALTIME
|
# define CLOCK_REALTIME_COARSE CLOCK_REALTIME
|
||||||
#endif
|
#endif
|
||||||
}
|
|
||||||
|
|
|
@ -368,8 +368,14 @@ static void populate_dib_mask_info_if_needed(BMPLoadingContext& context)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
int trailing_zeros = count_trailing_zeroes_32(mask);
|
int trailing_zeros = count_trailing_zeroes_32(mask);
|
||||||
int size = count_trailing_zeroes_32(~(mask >> trailing_zeros));
|
// If mask is exactly `0xFFFFFFFF`, then we might try to count the trailing zeros of 0x00000000 here, so we need the safe version:
|
||||||
mask_shifts.append(trailing_zeros - 8);
|
int size = count_trailing_zeroes_32_safe(~(mask >> trailing_zeros));
|
||||||
|
if (size > 8) {
|
||||||
|
// Drop lowest bits if mask is longer than 8 bits.
|
||||||
|
trailing_zeros += size - 8;
|
||||||
|
size = 8;
|
||||||
|
}
|
||||||
|
mask_shifts.append(size + trailing_zeros - 8);
|
||||||
mask_sizes.append(size);
|
mask_sizes.append(size);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue