[gimp/wip/Jehan/Issue-6610: 4/4] Issue #6610: crashes on free select for images of certain dimensions.




commit f2fb98cb690414f0741aa6a46759616e18d6e186
Author: Jehan <jehan girinstud io>
Date:   Wed Aug 4 00:29:56 2021 +0200

    Issue #6610: crashes on free select for images of certain dimensions.
    
    g_alloca() is ill-advised. Even though it might be more efficient in some
    specific cases, it is quite prone to stack overflow when a lot of
    memory is requested.
    
    Let's allocate dynamic memory instead. To avoid doing it too much, let's
    just reuse the same pointer especially since region of interest will
    usually be the same size when iterating a buffer, except for border
    ones (which would usually be smaller, so we can use the same allocated
    buffer again). I still make size checks, just in case.

 app/core/gimpscanconvert.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
---
diff --git a/app/core/gimpscanconvert.c b/app/core/gimpscanconvert.c
index 3aaedf4700..2235080b9a 100644
--- a/app/core/gimpscanconvert.c
+++ b/app/core/gimpscanconvert.c
@@ -497,6 +497,8 @@ gimp_scan_convert_render_full (GimpScanConvert *sc,
                                gdouble          value)
 {
   const Babl         *format;
+  guchar             *shared_buf      = NULL;
+  gsize               shared_buf_size = 0;
   GeglBufferIterator *iter;
   GeglRectangle      *roi;
   cairo_t            *cr;
@@ -545,7 +547,13 @@ gimp_scan_convert_render_full (GimpScanConvert *sc,
        */
       if (roi->width * bpp != stride)
         {
-          tmp_buf = g_alloca (stride * roi->height);
+          if (shared_buf_size < stride * roi->height)
+            {
+              shared_buf_size = stride * roi->height;
+              g_free (shared_buf);
+              shared_buf = g_malloc (shared_buf_size);
+            }
+          tmp_buf = shared_buf;
 
           if (! replace)
             {
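Review bot: The size `stride * roi->height` in the new `if` is multiplied before it is widened to `gsize`, so if `stride` is a signed `int` (its declaration is outside the hunk) an overflowed or negative product would become a very large value in the comparison and in the `g_malloc ()` call, which aborts the process when the allocation fails. Computing the size once in the wide type removes that risk and the duplicated expression: `const gsize needed = (gsize) stride * roi->height;`, then `if (shared_buf_size < needed)` and `shared_buf_size = needed;`. A one-line comment such as `/* scratch buffer reused across iterations, grown on demand, freed after the loop */` above the block would record why the buffer outlives a single iteration. The enclosing loop and function start and end outside this hunk, so it is worth confirming that no early exit between here and the final `g_free (shared_buf)` skips the release.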
@@ -634,4 +642,6 @@ gimp_scan_convert_render_full (GimpScanConvert *sc,
             }
         }
     }
+
+  g_free (shared_buf);
 }

