From b6db673089503f40675c310131467e3be567a936 Mon Sep 17 00:00:00 2001 From: Robin Watts Date: Sat, 24 Dec 2011 12:32:25 +0000 Subject: Bug 692489 - fix SEGV in non-isolated/knockout blending Restrict images to the size of the shape when blending back. This seems to solve the problem; leaving code disabled until full tests complete. --- draw/draw_affine.c | 14 ++++++++++++-- draw/draw_device.c | 42 +++++++++++++++++++++--------------------- 2 files changed, 33 insertions(+), 23 deletions(-) diff --git a/draw/draw_affine.c b/draw/draw_affine.c index 936f4a7f..64a254ac 100644 --- a/draw/draw_affine.c +++ b/draw/draw_affine.c @@ -632,9 +632,19 @@ fz_paint_image_imp(fz_pixmap *dst, fz_bbox scissor, fz_pixmap *shape, fz_pixmap bbox = fz_round_rect(fz_transform_rect(ctm, fz_unit_rect)); bbox = fz_intersect_bbox(bbox, scissor); x = bbox.x0; + if (shape && shape->x > x) + x = shape->x; y = bbox.y0; - w = bbox.x1 - bbox.x0; - h = bbox.y1 - bbox.y0; + if (shape && shape->y > y) + y = shape->y; + w = bbox.x1; + if (shape && shape->x + shape->w < w) + w = shape->x + shape->w; + w -= x; + h = bbox.y1; + if (shape && shape->y + shape->h < h) + h = shape->y + shape->h; + h -= y; /* map from screen space (x,y) to image space (u,v) */ inv = fz_scale(1.0f / img->w, -1.0f / img->h); diff --git a/draw/draw_device.c b/draw/draw_device.c index 8f77d51e..640165ee 100644 --- a/draw/draw_device.c +++ b/draw/draw_device.c @@ -70,7 +70,7 @@ struct fz_draw_device_s #ifdef DUMP_GROUP_BLENDS static int group_dump_count = 0; -static void fz_dump_blend(fz_pixmap *pix, const char *s) +static void fz_dump_blend(fz_context *ctx, fz_pixmap *pix, const char *s) { char name[80]; @@ -82,7 +82,7 @@ static void fz_dump_blend(fz_pixmap *pix, const char *s) printf("%s%02d", s, group_dump_count); group_dump_count++; - fz_write_png(pix, name, (pix->n > 1)); + fz_write_png(ctx, pix, name, (pix->n > 1)); } static void dump_spaces(int x, const char *s) @@ -194,12 +194,12 @@ static void fz_knockout_end(fz_draw_device *dev) #ifdef DUMP_GROUP_BLENDS dump_spaces(dev->top, ""); - fz_dump_blend(group, "Blending "); + fz_dump_blend(dev->ctx, group, "Blending "); if (shape) - fz_dump_blend(shape, "/"); - fz_dump_blend(dev->dest, " onto "); + fz_dump_blend(dev->ctx, shape, "/"); + fz_dump_blend(dev->ctx, dev->dest, " onto "); if (dev->shape) - fz_dump_blend(dev->shape, "/"); + fz_dump_blend(dev->ctx, dev->shape, "/"); if (blendmode != 0) printf(" (blend %d)", blendmode); if (isolated != 0) @@ -221,9 +221,9 @@ static void fz_knockout_end(fz_draw_device *dev) fz_drop_pixmap(dev->ctx, shape); } #ifdef DUMP_GROUP_BLENDS - fz_dump_blend(dev->dest, " to get "); + fz_dump_blend(dev->ctx, dev->dest, " to get "); if (dev->shape) - fz_dump_blend(dev->shape, "/"); + fz_dump_blend(dev->ctx, dev->shape, "/"); printf("\n"); #endif } @@ -1171,13 +1171,13 @@ fz_draw_pop_clip(fz_device *devp) #ifdef DUMP_GROUP_BLENDS dump_spaces(dev->top, ""); - fz_dump_blend(dev->dest, "Clipping "); + fz_dump_blend(dev->ctx, dev->dest, "Clipping "); if (dev->shape) - fz_dump_blend(dev->shape, "/"); - fz_dump_blend(dest, " onto "); + fz_dump_blend(dev->ctx, dev->shape, "/"); + fz_dump_blend(dev->ctx, dest, " onto "); if (shape) - fz_dump_blend(shape, "/"); - fz_dump_blend(mask, " with "); + fz_dump_blend(dev->ctx, shape, "/"); + fz_dump_blend(dev->ctx, mask, " with "); #endif fz_paint_pixmap_with_mask(dest, dev->dest, mask); if (shape) @@ -1191,9 +1191,9 @@ fz_draw_pop_clip(fz_device *devp) fz_drop_pixmap(dev->ctx, dev->dest); dev->dest = dest; #ifdef DUMP_GROUP_BLENDS - fz_dump_blend(dev->dest, " to get "); + fz_dump_blend(dev->ctx, dev->dest, " to get "); if (dev->shape) - fz_dump_blend(dev->shape, "/"); + fz_dump_blend(dev->ctx, dev->shape, "/"); printf("\n"); #endif } @@ -1416,12 +1416,12 @@ fz_draw_end_group(fz_device *devp) #ifdef DUMP_GROUP_BLENDS dump_spaces(dev->top, ""); - fz_dump_blend(group, "Blending "); + fz_dump_blend(dev->ctx, group, "Blending "); if (shape) - fz_dump_blend(shape, "/"); - fz_dump_blend(dev->dest, " onto "); + fz_dump_blend(dev->ctx, shape, "/"); + fz_dump_blend(dev->ctx, dev->dest, " onto "); if (dev->shape) - fz_dump_blend(dev->shape, "/"); + fz_dump_blend(dev->ctx, dev->shape, "/"); if (alpha != 1.0f) printf(" (alpha %g)", alpha); if (blendmode != 0) @@ -1446,9 +1446,9 @@ fz_draw_end_group(fz_device *devp) fz_drop_pixmap(dev->ctx, shape); } #ifdef DUMP_GROUP_BLENDS - fz_dump_blend(dev->dest, " to get "); + fz_dump_blend(dev->ctx, dev->dest, " to get "); if (dev->shape) - fz_dump_blend(dev->shape, "/"); + fz_dump_blend(dev->ctx, dev->shape, "/"); printf("\n"); #endif } -- cgit v1.2.3