[gegl] gegl-imgcmp: main: if images differ, memcpy() right amount of string

From: Michael Henning <mhenning src gnome org>
To: commits-list gnome org
Cc:
Subject: [gegl] gegl-imgcmp: main: if images differ, memcpy() right amount of string
Date: Tue, 30 Jun 2015 02:29:11 +0000 (UTC)

commit d54c292d3e12a51e81e6972e532b89dea440ae28
Author: Roman Lebedev <lebedev ri gmail com>
Date:   Wed Jun 24 20:18:34 2015 +0300

    gegl-imgcmp: main: if images differ, memcpy() right amount of string
    
    If one of tests fail and images are different, we write image
    difference under a new name. We use very scary looking memcpy()
    to replace last 4 symbols of filename with "-diff.png", but
    since sizeof("-diff.png") == 10, we were reading 1 byte past
    string bound.
    
    Fixes AddressSanitiser complaint like:
    ...
    PASS apply-lens3.xml (OpenCL)
    /home/lebedevri/src/_GIMP/gegl/tests/compositions/reference/bump-map.png and 
/home/lebedevri/src/_GIMP/gegl/tests/compositions/output/bump-map.png differ
      wrong pixels   : 46/150000 (0.03%)
      max ?e         : 0.214
      avg ?e (wrong) : 0.111(wrong) 0.000(total)
    =================================================================
    ==29799==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000402aa0 at pc 0x4020b0 bp 
0x7fffa5051640 sp 0x7fffa5051638
    READ of size 11 at 0x000000402aa0 thread T0
        0 0x4020af in main /home/lebedevri/src/_GIMP/gegl/tools/gegl-imgcmp.c:148
        1 0x7fe64b509b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
        2 0x40154b (/home/lebedevri/src/_GIMP/gegl/tools/.libs/gegl-imgcmp+0x40154b)
    
    0x000000402aa0 is located 4205152 bytes insideASAN:SIGSEGV
    ==29799==AddressSanitizer: while reporting a bug found another one.Ignoring.
    FAIL bump-map.xml
    ...

 tools/gegl-imgcmp.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/tools/gegl-imgcmp.c b/tools/gegl-imgcmp.c
index 8629959..118567a 100644
--- a/tools/gegl-imgcmp.c
+++ b/tools/gegl-imgcmp.c
@@ -145,7 +145,7 @@ main (gint    argc,
           gchar *debug_path = g_malloc (strlen (argv[2])+16);
 
           memcpy (debug_path, argv[2], strlen (argv[2])+1);
-          memcpy (debug_path + strlen(argv[2])-4, "-diff.png", 11);
+          memcpy (debug_path + strlen(argv[2])-4, "-diff.png", 10);
 
           save = gegl_node_new_child (gegl,
                                       "operation", "gegl:png-save",

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]