Closed Bug 1304114 Opened 4 years ago Closed 4 years ago
compiler check buffer overflow in Sk
Building for IA32, I get this warning, which is treated as an error in our build:

[ 2916s] In function 'void* memcpy(void*, const void*, size_t)',
[ 2916s] inlined from 'void SkNx<1, T>::store(void*) const [with T = float]' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkNx.h:122:35,
[ 2916s] inlined from 'void SkNx<N, T>::store(void*) const [with int N = 2; T = float]' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkNx.h:54:9,
[ 2916s] inlined from 'void SkNx<N, T>::store(void*) const [with int N = 4; T = float]' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkNx.h:53:9,
[ 2916s] inlined from 'bool SkPixmap::erase(const SkColor4f&, const SkIRect*) const' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkPixmap.cpp:229:48:
[ 2916s] /usr/include/bits/string3.h:51:71: warning: call to void* __builtin___memcpy_chk(void*, const void*, unsigned int, unsigned int) will always overflow destination buffer [enabled by default]
[ 2916s] return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
Assignee: nobody → lsalzman
Severity: major → normal
Status: NEW → ASSIGNED
Priority: -- → P1
This store is bogus and indeed overflowing. SkColor is a uint32_t typedef, and we're storing a float vec to it. This was supposed to have an SkNx_cast<uint8_t> preceding it. The offending code no longer exists in upstream Skia, but the patch in which it was changed is too extensive to backport. This cast should fix it for us till we update.
Attachment #8793485 - Flags: review?(jmuizelaar)
Attachment #8793485 - Flags: review?(jmuizelaar) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/db14395dc391 fix invalid Sk4f store to SkColor in SkPixmap::erase. r=jrmuizel
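The size mismatch discussed in this bug, as an added example that is not Skia's or Mozilla's code: a four-lane float vector stores 16 bytes, a 32-bit colour holds 4, and narrowing to bytes before the store makes the widths match. `Vec4`, `Color32`, `narrow_to_u8` and `pack_color` are hypothetical stand-ins for `SkNx<4, T>`, `SkColor` and the `SkNx_cast<uint8_t>` step, and the lanes are assumed to be already scaled to 0..255.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for SkNx<4, T>; not Skia's implementation.
template <typename T>
struct Vec4 {
    T lane[4];
    // store() copies every lane, so it always writes 4 * sizeof(T) bytes.
    static constexpr std::size_t store_bytes() { return 4 * sizeof(T); }
    void store(void* dst) const { std::memcpy(dst, lane, store_bytes()); }
};
using Color32 = std::uint32_t;  // stand-in for SkColor (a uint32_t typedef)

// Shape of the bug: bytes a float-vector store would write past a Color32.
std::size_t float_store_overrun() {
    return Vec4<float>::store_bytes() - sizeof(Color32);
}

// Narrow each lane to one byte before storing.
// Assumption: lanes are already in 0..255; clamp, then truncate.
Vec4<std::uint8_t> narrow_to_u8(const Vec4<float>& v) {
    Vec4<std::uint8_t> out{};
    for (int i = 0; i < 4; ++i) {
        float f = v.lane[i];
        if (!(f > 0.0f)) f = 0.0f;   // negative values and NaN become 0
        if (f > 255.0f) f = 255.0f;
        out.lane[i] = static_cast<std::uint8_t>(f);
    }
    return out;
}

// Corrected store: the narrowed vector is exactly as wide as the destination.
Color32 pack_color(const Vec4<float>& v) {
    static_assert(Vec4<std::uint8_t>::store_bytes() == sizeof(Color32),
                  "narrowed vector must match the destination size");
    Color32 c = 0;
    narrow_to_u8(v).store(&c);
    return c;
}

// Read byte i of a packed colour without assuming endianness.
unsigned color_byte(Color32 c, int i) {
    unsigned char b[sizeof c];
    std::memcpy(b, &c, sizeof c);
    return b[i];
}

int main() {
    std::printf("float store overrun: %zu bytes\n", float_store_overrun());
    return 0;
}
```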