[cairo] [PATCH] scan-converter: Explicitly cast to int when flooring

Uli Schlachter psychon at znc.in
Fri Sep 11 08:22:12 PDT 2015


Am 10.09.2015 um 20:56 schrieb Bryce Harrington:
> The code in question is attempting to do x*a/b, however for sufficiently
> large x and a, this can exceed integer limits; the code accounts for
> this by casting x*a to a long long.  However, when then assigning this
> value to our quorem value this results in an implicit cast to int, which
> valgrind flags as an 'invalid write'.

...?!?

How can an implicit cast cause an invalid write for valgrind? Wouldn't an
explicit cast have the exact same effect as an implicit one here?

Uli

> Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>
> ---
>  src/cairo-botor-scan-converter.c    | 4 ++--
>  src/cairo-clip-tor-scan-converter.c | 4 ++--
>  src/cairo-mono-scan-converter.c     | 4 ++--
>  src/cairo-tor22-scan-converter.c    | 4 ++--
>  4 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/src/cairo-botor-scan-converter.c b/src/cairo-botor-scan-converter.c
> index 515305b..b76d2fa 100644
> --- a/src/cairo-botor-scan-converter.c
> +++ b/src/cairo-botor-scan-converter.c
> @@ -199,8 +199,8 @@ floored_muldivrem(int x, int a, int b)
>  {
>      struct quorem qr;
>      long long xa = (long long)x*a;
> -    qr.quo = xa/b;
> -    qr.rem = xa%b;
> +    qr.quo = (int32_t)(xa/b);
> +    qr.rem = (int32_t)(xa%b);
>      if ((xa>=0) != (b>=0) && qr.rem) {
>  	qr.quo--;
>  	qr.rem += b;
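Review bot: The added `(int32_t)` casts on `qr.quo` and `qr.rem` perform the same narrowing that the implicit conversion already did, so a quotient `xa/b` that does not fit in 32 bits is still silently truncated rather than detected. The remainder is safe because its magnitude is always below `|b|`, but the quotient would need a guard before narrowing, e.g. `long long q = xa / b;` then `assert (q >= INT_MIN && q <= INT_MAX);` (or a clamp or error return) before `qr.quo = (int) q;`. The parameters are `int` while the cast names `int32_t`, and the field types of `struct quorem` are not visible here, so the cast should match whatever those fields are declared as. The same applies to the identical hunks in cairo-clip-tor-scan-converter.c, cairo-mono-scan-converter.c and cairo-tor22-scan-converter.c; the function body continues past the end of each hunk.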
> diff --git a/src/cairo-clip-tor-scan-converter.c b/src/cairo-clip-tor-scan-converter.c
> index e32a5a9..ac581da 100644
> --- a/src/cairo-clip-tor-scan-converter.c
> +++ b/src/cairo-clip-tor-scan-converter.c
> @@ -439,8 +439,8 @@ floored_muldivrem(int x, int a, int b)
>  {
>      struct quorem qr;
>      long long xa = (long long)x*a;
> -    qr.quo = xa/b;
> -    qr.rem = xa%b;
> +    qr.quo = (int32_t)(xa/b);
> +    qr.rem = (int32_t)(xa%b);
>      if ((xa>=0) != (b>=0) && qr.rem) {
>  	qr.quo -= 1;
>  	qr.rem += b;
> diff --git a/src/cairo-mono-scan-converter.c b/src/cairo-mono-scan-converter.c
> index 2a9546c..1040cad 100644
> --- a/src/cairo-mono-scan-converter.c
> +++ b/src/cairo-mono-scan-converter.c
> @@ -107,8 +107,8 @@ floored_muldivrem(int x, int a, int b)
>  {
>      struct quorem qr;
>      long long xa = (long long)x*a;
> -    qr.quo = xa/b;
> -    qr.rem = xa%b;
> +    qr.quo = (int32_t)(xa/b);
> +    qr.rem = (int32_t)(xa%b);
>      if ((xa>=0) != (b>=0) && qr.rem) {
>  	qr.quo -= 1;
>  	qr.rem += b;
> diff --git a/src/cairo-tor22-scan-converter.c b/src/cairo-tor22-scan-converter.c
> index 4cec5ee..e7f72cd 100644
> --- a/src/cairo-tor22-scan-converter.c
> +++ b/src/cairo-tor22-scan-converter.c
> @@ -478,8 +478,8 @@ floored_muldivrem(int x, int a, int b)
>  {
>      struct quorem qr;
>      long long xa = (long long)x*a;
> -    qr.quo = xa/b;
> -    qr.rem = xa%b;
> +    qr.quo = (int32_t)(xa/b);
> +    qr.rem = (int32_t)(xa%b);
>      if ((xa>=0) != (b>=0) && qr.rem) {
>  	qr.quo -= 1;
>  	qr.rem += b;
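Review bot: `floored_muldivrem` states no precondition on `b`, yet `xa/b` and `xa%b` are both undefined for `b == 0`; whether every caller rules that out cannot be seen from this hunk. A one-line comment above the function would make the contract reviewable, for example `/* Requires b != 0; the floored quotient x*a/b must be representable as int. */`. This applies equally to the other three copies of the helper touched by this patch, and keeping that comment identical across them would make it easier to spot when the copies drift apart.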
> 


-- 
- He made himself, me nothing, you nothing out of the dust
- Er machte sich mir nichts, dir nichts aus dem Staub

