1304114 - compiler check buffer overflow in SkPixmap.cpp

Status: RESOLVED FIXED

(Core :: Graphics, defect, P1)

Description

[Wolfgang Rosenauer [:wolfiR]]

Building for IA32 I get this warning which is treated as error in our build:

[ 2916s] In function 'void* memcpy(void*, const void*, size_t)',
[ 2916s]     inlined from 'void SkNx<1, T>::store(void*) const [with T = float]' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkNx.h:122:35,
[ 2916s]     inlined from 'void SkNx<N, T>::store(void*) const [with int N = 2; T = float]' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkNx.h:54:9,
[ 2916s]     inlined from 'void SkNx<N, T>::store(void*) const [with int N = 4; T = float]' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkNx.h:53:9,
[ 2916s]     inlined from 'bool SkPixmap::erase(const SkColor4f&, const SkIRect*) const' at /home/abuild/rpmbuild/BUILD/mozilla/gfx/skia/skia/src/core/SkPixmap.cpp:229:48:
[ 2916s] /usr/include/bits/string3.h:51:71: warning: call to void* __builtin___memcpy_chk(void*, const void*, unsigned int, unsigned int) will always overflow destination buffer [enabled by default]
[ 2916s]    return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));

Comment 1

[Lee Salzman [:lsalzman]]

Attachment: fix invalid Sk4f store to SkColor in SkPixmap::erase

This store is bogus and indeed overflowing. SkColor is a uint32_t typedef, and we're storing a float[4] vec to it. This was supposed to have an SkNx_cast<uint8_t> preceding it.

The offending code no longer exists in upstream Skia, but the patch in which it was changed is too extensive to backport. This cast should fix it for us till we update.

Comment 2

[Pulsebot]

Pushed by lsalzman@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/db14395dc391
fix invalid Sk4f store to SkColor in SkPixmap::erase. r=jrmuizel

Comment 3

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/db14395dc391